Print

Print


RISKS-LIST: Risks-Forum Digest  Saturday 5 July 2014  Volume 28 : Issue 06

Raising Lazarus - The 20 Year Old Bug that Went to Mars

Buffer overflows in 20-year-old LZ decompression code (Don A. Bailey
via Henry Baker)

Users

All users of FFmpeg, Libav, and projects that depend on them, should
consider themselves at risk to remote code execution.  Period.  Please
update your software from the FFmpeg and Libav websites, or refrain from
using these applications until your distribution has an adequate patch.

Technical details of the 'bug' which even exists on Mars!! can be found here:

Raising Lazarus - The 20 Year Old Bug that Went to Mars

http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

https://groups.google.com/forum/#!topic/comp.risks/pniAM_boB_s

CJB