Bug 488052 - <media-video/ffmpeg1.2.6: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/55288/
Whiteboard: B2 [glsa]
Reported: 2013-10-14 18:58 UTC by Agostino Sarubbo
Modified: 2016-03-12 11:20 UTC
Description Agostino Sarubbo gentoo-dev 2013-10-14 18:58:19 UTC
From ${URL} :

Description

Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to 
cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) Some errors within libavcodec/vmnc.c can be exploited to cause out of bounds read memory 
accesses.

2) Some integer overflow errors within the "decode_frame()" function (libavcodec/vmnc.c) can be 
exploited to cause heap-based buffer overflows.

Successful exploitation of vulnerability #2 may allow execution of arbitrary code.


Solution:
Fixed in the git repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.libav.org/?p=libav.git;a=commit;h=61cd19b8bc32185c8caf64d89d1b0909877a0707
http://git.libav.org/?p=libav.git;a=commit;h=5e992a4682d2c09eed3839c6cacf70db3b65c2f4




@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Alexis Ballier gentoo-dev 2015-02-15 10:42:27 UTC
sounds like libav stuff, secunia link is about graphicsmagick, ffmpeg 1.2.6 seems to have the fixes; cc us back when you'll have figured what's wrong and what needs to be done
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 13:21:12 UTC
This was fixed in 1.2.6, but will require a GLSA. Setting this to 548006, which when fixed will be one MONSTER GLSA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:20:40 UTC
This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).