Register | Log in

ffmpeg

Tools for transcoding, streaming and playing of multimedia files

Choose email to subscribe with

general

source: ffmpeg (main)
version: 7:3.4.3-1
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Reinhard Tartler [DMD] – Balint Reczey [DMD] – Andreas Cadhalpun [DMD] – Alexander Strasser [DMD] – James Cowgill [DMD]
arch: all any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 7:3.2.10-1~deb9u1~bpo8+1
stable: 7:3.2.10-1~deb9u1
stable-sec: 7:3.2.10-1~deb9u1
testing: 7:3.4.3-1
unstable: 7:3.4.3-1
exp: 7:4.0.1-1

versioned links

7:3.2.5-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.2.10-1~deb9u1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.2.10-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.4.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ffmpeg
ffmpeg-doc
libavcodec-dev
libavcodec-extra
libavcodec-extra57
libavcodec57
libavdevice-dev
libavdevice57
libavfilter-dev
libavfilter-extra
libavfilter-extra6
libavfilter6
libavformat-dev
libavformat57
libavresample-dev
libavresample3
libavutil-dev
libavutil55
libpostproc-dev
libpostproc54
libswresample-dev
libswresample2
libswscale-dev
libswscale4

action needed

A new upstream version is available: 4.0.1 high

A new upstream version 4.0.1 is available, you should consider packaging it.

Created: 2018-04-21 Last update: 2018-07-17 14:06

9 security issues in stretch high

There are 9 open security issues in stretch.

7 important issues:

CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13302: In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
CVE-2018-6392: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
CVE-2018-6621: The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-13300: In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

2 issues skipped by the security teams:

CVE-2018-12459: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13301: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Please fix them.

Created: 2017-12-01 Last update: 2018-07-13 20:14

6 security issues in buster high

There are 6 open security issues in buster.

6 important issues:

CVE-2018-12459: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13301: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-13305: In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
CVE-2018-13303: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13304: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

Please fix them.

Created: 2018-01-02 Last update: 2018-07-13 20:14

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2018-12459: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13301: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-13305: In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
CVE-2018-13303: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-13304: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

Please fix them.

Created: 2018-01-02 Last update: 2018-07-13 20:14

Build log checks report 1 error and 1 warning high

Build log checks report 1 error and 1 warning

Created: 2018-04-30 Last update: 2018-04-30 02:08

Depends on packages which need a new maintainer normal

The packages that ffmpeg depends on which need a new maintainer are:

libcdio-paranoia (#881910)
- Build-Depends: libcdio-paranoia-dev
- Depends: libcdio-cdda2 libcdio-paranoia2
libiec61883 (#826285)
- Build-Depends: libiec61883-dev
- Depends: libiec61883-0
libgsm (#891760)
- Build-Depends: libgsm1-dev
- Depends: libgsm1 libgsm1

Created: 2017-12-02 Last update: 2018-07-17 14:15

testing migrations

This package will soon be part of the auto-sndio transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2018-07-13] ffmpeg 7:3.4.3-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted ffmpeg 7:4.0.1-1 (source) into experimental (Sebastian Ramacher)
[2018-07-10] Accepted ffmpeg 7:3.4.3-1 (source) into unstable (Sebastian Ramacher)
[2018-06-06] Accepted ffmpeg 7:4.0-3 (source) into experimental (James Cowgill)
[2018-05-06] Accepted ffmpeg 7:4.0-2 (source) into experimental (James Cowgill)
[2018-04-22] Accepted ffmpeg 7:4.0-1 (source) into experimental (James Cowgill)
[2018-04-14] ffmpeg 7:3.4.2-2 MIGRATED to testing (Debian testing watch)
[2018-04-09] Accepted ffmpeg 7:3.4.2-2 (source) into unstable (James Cowgill)
[2018-02-18] ffmpeg 7:3.4.2-1 MIGRATED to testing (Debian testing watch)
[2018-02-12] Accepted ffmpeg 7:3.4.2-1 (source) into unstable (James Cowgill)
[2018-02-11] Accepted ffmpeg 7:3.2.10-1~deb9u1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (James Cowgill)
[2018-02-08] Accepted ffmpeg 7:3.2.10-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2018-01-24] Accepted ffmpeg 7:3.5~git20180113-1 (source amd64 all) into experimental, experimental (James Cowgill)
[2017-12-17] ffmpeg 7:3.4.1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted ffmpeg 7:3.4.1-1 (source) into unstable (James Cowgill)
[2017-11-30] ffmpeg 7:3.4-4 MIGRATED to testing (Debian testing watch)
[2017-11-29] Accepted ffmpeg 7:3.2.9-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-11-25] Accepted ffmpeg 7:3.4-4 (source) into unstable (James Cowgill)
[2017-11-24] ffmpeg 7:3.4-3 MIGRATED to testing (Debian testing watch)
[2017-11-24] ffmpeg 7:3.4-3 MIGRATED to testing (Debian testing watch)
[2017-11-18] Accepted ffmpeg 7:3.4-3 (source) into unstable (James Cowgill)
[2017-11-15] ffmpeg 7:3.4-2 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted ffmpeg 7:3.4-2 (source) into unstable (James Cowgill)
[2017-10-21] Accepted ffmpeg 7:3.4-1 (source) into experimental (James Cowgill)
[2017-10-19] Accepted ffmpeg 7:3.2.8-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-10-01] ffmpeg 7:3.3.4-2 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted ffmpeg 7:3.2.7-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-09-26] Accepted ffmpeg 7:3.3.4-2 (source) into unstable (James Cowgill)
[2017-09-18] ffmpeg 7:3.3.4-1 MIGRATED to testing (Debian testing watch)
[2017-09-12] Accepted ffmpeg 7:3.3.4-1 (source) into unstable (James Cowgill)

1
2

bugs [bug history graph]

all: 8 9
RC: 0
I&N: 3 4
M&W: 4
F&P: 1

links

homepage
lintian
buildd: logs, exp, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7:3.4.2-2build2
6 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing