Release Notes: A possible integer overflow in the 4XM demuxer, reported as CVE-2009-0385, was resolved. An integer overflow in the Quicktime demuxer was fixed. A pause/resume freeze with pulseaudio was fixed. Support for a new MPEG2 decoder, libmpeg2new, was added. OpenBSD is now supported.
Release Notes: Broken size checks were fixed in various input plugins, as reported in CVE-2008-5239. More malloc checking was added, as demanded by CVE-2008-5240. A possible integer overflow in the 4XM demuxer was fixed. Race conditions in gapless_switch were fixed. Several other fixes were made.
Release Notes: Building with older ffmpeg versions was fixed. Broken playback of some H.264 files was fixed. A version check for the CACA library was added. Several other minor changes were made.
Release Notes: Several security fixes were made. This solves a heap overflow in Quicktime atom parsing, multiple buffer overflows, multiple integer overflows, unchecked or incompletely checked read function results, unchecked malloc using untrusted values, buffer indexing using untrusted or unchecked values, integer overflows in the ffmpeg audio decoder and the CDDA server, and a heap buffer overflow in the ffmpeg video decoder. A segfault on invalid track type in Matroska files is avoided. Several further bugfixes were made. H.264 and AAC streams are now supported within FLV.
Release Notes: Several security fixes have been made, such as for crashes with various corrupted media files, as reported in CVE-2008-3231. An exploitable ID3 heap buffer overflow has been fixed. Some checks for memory allocation failures have been added. A V4L segfault has been resolved. AMR audio and Snow video are now recognized. Xv deinterlacing image corruption on some chipsets has been solved. Crashes with MP3 files with metadata consisting only of separators have been fixed. An Xv port and type selection have been added. Content type detection for HTTP streams has been improved. Several DVB and V4L improvements and fixes have been made.
Release Notes: A buffer overflow in the NSF demuxer, possibly allowing remote attackers to cause a denial of service (crash) or execute arbitrary code, was fixed. This vulnerability was reported as CVE-2008-1878. More usage of calloc() was deployed to provide extra safety against possible integer overflows as found in CVE-2008-1482. The JACK output plugin was improved. The display of some MJPEG streams (YUVJ420P) was fixed.
Release Notes: An insufficient boundary check in the Speex audio decoder, as reported in CVE-2008-1686, was fixed. Two regressions in 126.96.36.199, breaking QuickTime container handling and the Matroska demuxer, were fixed. Various improvements were made to the Real codec. The PulseAudio driver was improved.
Release Notes: Several integer overflows were fixed in FLV, Qt, Real, WC3Movie, Matroska, and FILM demuxers. These overflows allowed remote attackers to trigger heap overflows and possibly execute arbitrary code (reported in CVE-2008-1482). Several other minor bugs were fixed.
Release Notes: An array indexing vulnerability in sdpplin_parse(), as reported in CVE-2008-0073, was fixed. Plugin version handling was improved. A breakage caused by an off-by-one in the FLAC security fix was solved. Support for 16-bit big-endian DTS audio was added. The frame snapshot API was improved. A long delay when closing stream on dual core systems was resolved.
Release Notes: A potential stack buffer overflow via crafted FLAC tags, as reported in CVE-2008-0486, was fixed. Detection of MP3 streams with ID3v2 tags was improved. A RealPlayer codec detection bug was fixed.