Nad We Misc hsearchv Help Help a Nad e Nastysensual 2 Misc n Misc wsearchpsearchi
Har s Misc a Nastysensual c Har rsearchHl Har searchssearcha Nad c Help a 
re Misc rsearchh Har Misc a Help search
rhsearch e
p Har 0.7.8 and 0.8.7) that fix many bugs, several of which are security relevant. Amongth them NGS00144, NGS00145 and NGS00148.
We recommend users, distributors and system integrators to upgrade unless they use
current git master.
FFmpeg supports the fight against American Internet censorship.
We have made a new point release (0.5.5) from the old 0.5 branch. It fixes many serious security issues, a partial list is below.
d39cc3c0 resample2: fix potential overflow e124c3c2 resample: Fix overflow 8acc0546 matroskadec: fix out of bounds write c603cf51 qtrle: check for out of bound writes. e1a46eff qtrle: check for invalid line offset 23aaa82b vqa: fix double free on corrupted streams 58087a4e mpc7: return error if packet is too small. 8d1fa1c9 mpc7: check output buffer size before decoding 2eb5f77b h264: do not let invalid values in h->ref_count after a decoder reset. ddbbe500 h264: fix the check for invalid SPS:num_ref_frames. d1a5b53e h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors. 3699a46e Check for out of bound writes in the QDM2 decoder. 62da9203 Check for out of bound writes in the avs demuxer. 2e1e3c1e Check for corrupted data in avs demuxer. 635256a3 Fix out of bound writes in fix_bitshift() of the shorten decoder. 240546a1 Check for out of bounds writes in the Delphine Software International CIN decoder. 07df40db Check for invalid update parameters in vmd video decoder. b24c2e59 Release old pictures after a resolution change in vp5/6 decoder 25bc1108 Check output buffer size in nellymoser decoder. 8ef917c0 check all svq3_get_ue_golomb() returns. 648dc680 Reject audio tracks with invalid interleaver parameters in RM demuxer. d6f8b654 segafilm: Check for memory allocation failures in segafilm demuxer. d8439f04 rv34: check that subsequent slices have the same type as first one. 6108f04d Fixed segfault on corrupted smacker streams in the demuxer. b261ebfd Fixed segfaults on corruped smacker streams in the decoder. 03db051b Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. 9cda3d79 rv10: Reject slices that does not have the same type as the first one 52b8edc9 oggdec: fix out of bound write in the ogg demuxer 2e17744a Fixed off by one packet size allocation in the smacker demuxer. 19431d4d ape demuxer: fix segfault on memory allocation failure. ecd6fa11 Check for invalid packet size in the smacker demuxer. 80fb9f2c cavsdec: avoid possible crash with crafted input 46f9a620 Fix possible double free when encoding using xvid. 4f07a3aa Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080. Fixes: MSVR11-011, CVE-2011-3504 04888ede cavs: fix some crashes with invalid bitstreams Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974 24cd7c5d Fix apparently exploitable race condition. 8210ee22 AMV: Fix possibly exploitable crash. Fixes bugtraq/2011/Apr/257
We recommend distributors and system integrators whenever possible to upgrade to 0.7.7, 0.8.6 or git master. But when this is not possible 0.5.5 is more secure than previous releases from the 0.5 branch. If you are looking for an updated 0.6 release, please consider 0.7.7 which is ABI compatible and contains a huge number of security fixes that are missing in 0.6.*.
We have made 2 new point releases (0.7.7 and 0.8.6) that fix around 90 bugs, several of which are security relevant. We recommend users, distributors and system integrators to upgrade unless they use current git master.
New stuff in git master:
planar rgb input support in sws libmodplug & bintext output g723.1 encoder g723.1 muxer random() function for the expression evaluator persistent variables for the expression evaluator pulseaudio input support h264 422 inter decoding support prores encoder native utvideo decoder libutvideo support deshake filter aevalsrc filter segment muxer mkv timecode v2 muxer cache urlprotocol many bugfixes and many other things
We have made 2 new point releases (0.7.6 and 0.8.5) that fix security issues in
4X Technologies demuxer 4xm decoder ADPCM IMA Electronic Arts EACS decoder ANM decoder Delphine Software International CIN decoder Deluxe Paint Animation demuxer Electronic Arts CMV decoder PTX decoder QDM2 decoder QuickDraw decoder TIFF decoder Tiertex Limited SEQ decoder aac decoder avi demuxer avs demuxer bink decoder flic decoder h264 decoder indeo2 decoder jpeg 2000 decoder, libx264 interface to x264 encoder mov muxer mpc v8 decoder rasterfile decode shorten decoder sun raster decoder unsharp filter vmd audio decoder vmd video decoder wmapro decoder wmavoice decoder xan decoder
These releases also add libaacplus support and include all changes
from libav.org 0.7.2.
We recommend users, distributors and system integrators to upgrade unless they use
current git master.
New stuff in git master:
libaacplus support ACT/BIT demuxers AMV video encoder g729 decoder stdin control of drawtext 2bpp, 4bpp png support interlaced 1bpp and PAETH png fixes libspeex encoding support hardened h264 decoder that wont overread the bitstream wtv muxer H/W Accelerated H.264 Decoding on Android stereo3d filter from libmpcodecs works now an experimental jpeg2000 encoder many bugfixes libswresample ...
We have made 2 new point releases that fix more security issues. They also include many bugfixes and a few backported features, for example speex encoding support through libspeex has been backported. All changes from the latest libav release (0.7.1) are included as well. Grab them from our download page. or even better use latest git master.
FFmpeg now has a ProRes decoder in master git.
We want to support more raw or 10bit or broadcast codecs. We need samples of the following codecs. If you have some, please upload them to our trac.
Codec name / isom or fourcc
Pinnacle TARGA2000 dvr1 Pinnacle TARGA Cine YUV Y216 BlackMagic Design Vr21 Digital Voodoo DV10 HD10 Media-100 844/X Uncompressed v.2.02 MYUV Media-100 iFinish Transcoder dtmt Accom SphereOUS v.3.0.1 ImJG Abekas ClipStore MXc J2K Compressed v.3.0.2 HDJ1 HDJK BOXX v.1.0 bxrg bxbg bxyv bxy2 LiveType Codec Decompressor pRiz Cineon DPX 10-bit Y'CbCr 4:2:2 D210 C310 DPX cini Radius DV YUV PAL/NTSC R420 R411
We have made 2 new point releases that fix several security issues, amongth them MSVR-11-0088. They also include many bugfixes and a few backported features. All changes from the latest libav release (0.7.1) are included as well. Grab them from our download page. or even better use latest git master.
We have added support for H.264 4:2:2 intra, there are some new 8->10bit fixes in swscale, ffplay has more accurate AV-sync, ogg duration is more accurate now, we can decode WMVP and WVP2 streams and many many other new things and bugfixes. All in ffmpeg git master.
We have made 2 new point releases that fix several security issues, amongth them MSVR-11-0080. They also include many bugfixes and a few backported features. All changes from libav 0.7.1 are included as well. Grab them from our download page. or even better use latest git master.
Instead of having fun outside in the warm summer months, we have made a new release: FFmpeg 0.8! All bugfixes and merges from ffmpeg-mt and libav are included in this release. Although we still recommend you use the latest git version of our code.
We have also made an OLDABI release: FFmpeg 0.7.1. It contains almost all of the features, bugfixes and merges of ffmpeg-mt and libav of 0.8, while being compatible with the 0.6 ABI and API. It has a few missing features, read the Changelog for more information.
FFmpeg now accesses x264 presets via libx264. This extends functionality by introducing several new libx264 options including -preset, -tune, and -profile. You can read more detailed information about these options with "x264 --fullhelp".
The syntax has changed so be sure to update your commands. Example:
ffmpeg -i input -vcodec libx264 -preset fast -tune film -profile main -crf 22 -threads 0 output
FFmpeg now has an oldabi branch. It is updated to master but with the old ABI. Only fixes that break the old ABI are missing from this branch.
To access the oldabi branch, clone FFmpeg, then do
git checkout oldabi
To get back to latest FFmpeg, just run:
git checkout master
FFmpeg can now decode 9-bit and 10-bit H.264 streams, used in particular by AVCIntra 50.
In order to supply our release users with the newest features and bug fixes we are in the process of making a new release. The release will be based on the latest development tree while staying API/ABI compatible to the previous release.
Please download the release candidate and report problems to our bug tracker.
Win32 and Win64 builds of FFmpeg are now available at builds/
Please report any bugs to our bug tracker.
Today FFmpeg-mt, the multithreaded decoding branch, has been merged into FFmpeg. This has been a long awaited merge, and we would like to thank Alexander Strange for his patience and hard work.
Testing is appreciated and if you find any bugs please report them to our bug tracker.
The mailing lists have been fully migrated to ffmpeg.org!
The FFmpeg mailing lists were moved from sourceforge.net to mplayerhq.hu in April 2005, and moved from mplayerhq.hu to ffmpeg.org in 2011.
Unfortunately the lists were down for a few hours because of the abrupt shut down on the previous server[1]. We apologize for this interruption. Also we could not move the subscribers of the libav-user mailing list (libav-user is for application developers using libav* libraries from the FFmpeg project). Even though libav-user was not listed in the shut down announcement[1], it was also shut down.
If you are not yet subscribed we encourage you to do so now if you are interested in FFmpeg or multimedia or both. Visit our contacts page to find out more about the various mailing lists surrounding the FFmpeg project. You can also find the archives there if you like to browse the old posts.
As stated in the previous news entry we are in the process of recovering our project infrastructure. We will keep you posted.
Reinhard Tartler backported several security fixes to the 0.5 release branch and made another point release, that is 0.5.4. Note, 0.5 is quite old and this release is mostly for those stuck with the 0.5 branch, and not so interesting for end users.
Changelog between 0.5.3 and 0.5.4 - Fix memory corruption in WMV parsing (addresses CVE-2010-3908) - Fix heap corruption crashes (addresses CVE-2011-0722) - Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704) - Fix another crash in Vorbis decoding (addresses CVE-2011-0480, Chrome issue 68115) - Fix invalid reads in VC-1 decoding (related to CVE-2011-0723) - Do not attempt to decode APE file with no frames (addresses 1103-exploits/vlc105-dos.txt)