Number: AV16-207
Date: 23 December 2016
Purpose
Assessment
A security update was released for FFmpeg which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow for arbitrary remote code execution.
FFmpeg is an open source software project including libraries and tools focused on the handling of multimedia data. It is included with and widely leveraged by several hardware and software products.
Affected versions:
FFmpeg versions prior to 3.2
CVE References: CVE-2016-5199, CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785, CVE-2016-7905, CVE-2016-8595
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.