[Utilizer]

FFmpeg vulnerability affecting several OSs', already patched in Arch Linux.

Linux coders and security pros are the best!

[steve86]

Already patched in SUSE.

[Ghost of SVR4]

Thanks for posting...

[Utilizer]

Note that this affects ‘nix, ‘doze, and mac machines, according to the article.

[proxy_user]

“....a specially crafted video file.”

Disguised as free porn, no doubt. They won’t have any trouble getting guys to download it.

[TXnMA]

FYI ping...

[Swordmaker]

If you are not using FFmpeg, you shouldn't be vulnerable to this exploit, because you wouldn't have the codexes needed to decode the files.

"FFmpeg is a free software project that produces libraries and programs for handling multimedia data. FFmpeg includes libavcodec, an audio/video codec library used by several other projects, libavformat, an audio/video container mux and demux library, and the ffmpeg command line program for transcoding multimedia files. FFmpeg is published under the GNU Lesser General Public License 2.1+ or GNU General Public License 2+ (depending on which options are enabled).[6]

FFmpeg is developed under Linux, but it can be compiled under most operating systems, including Mac OS X, Microsoft Windows, as well as AmigaOS and its heir MorphOS. Most computing platforms and microprocessor instruction set architectures are also supported, like x86 (IA-32 and x86-64), PPC (PowerPC), ARM, DEC Alpha, SPARC, and MIPS.[7]

Most Mac users are already well covered with players that handle any multimedia files they may run into so are unlikely to download another multimedia file handling system.

After reading the information on it, I don't believe I am going to even ping the Apple Ping list for this one. . . it's a pretty geeky thing. It requires an active decision to install a player or codex that utilizes this file format.

[TChad]

11-16-2015: "Firefox 43 to Use FFmpeg by Default on Linux":

http://news.softpedia.com/news/firefox-43-to-use-ffmpeg-by-default-on-linux-496213.shtml

[ShadowAce]