Is the K-lite codec pack affected to this attack?

View previous topic View next topic Go down

Is the K-lite codec pack affected to this attack?

Post by Rul3z on Mon Jan 18, 2016 11:10 pm

Hello! I have installed K-lite 'mega' codec 10.7.5 and some days ago I read the post about ffmpeg vulnerability.
http://habrahabr.ru/company/mailru/blog/274855/ [on russian]
http://news.softpedia.com/news/zero-day-ffmpeg-vulnerability-lets-anyone-steal-files-from-remote-machines-498880.shtml [some info on english]
I want to know - my version of this pack have this FFmpeg and this bug? All settings in 'mega' codec pack I leave by default. If yes - where can I type this command manually on windows 7 "--disable-network configure flag" to fix this?
Sorry for my bad english.

Rul3z

Posts : 2
Join date : 2016-01-18

View user profile

Back to top Go down

Re: Is the K-lite codec pack affected to this attack?

Post by Admin on Tue Jan 19, 2016 2:50 am

The codec pack only uses a subset of the functionality from FFmpeg. Exploiting that vulnerability requires multiple pieces of functionality from FFmpeg, some of which (like the 'pipe' protocol) are not included in the compiled FFmpeg libraries that used by the codec pack. So current (and old) versions of the K-Lite codec pack are not vulnerable.

But if it makes you feel better, the patch that fixes that vulnerability in FFmpeg is already included in version 11.8.6 of the codec pack.

Admin
Admin

Posts : 2979
Join date : 2011-06-17

View user profile http://codecs.forumotion.net

Back to top Go down

Re: Is the K-lite codec pack affected to this attack?

Post by Rul3z on Tue Jan 19, 2016 3:52 am

Ok, thanks you for answer! Very Happy

Rul3z

Posts : 2
Join date : 2016-01-18

View user profile

Back to top Go down

Re: Is the K-lite codec pack affected to this attack?

Post by Sponsored content Today at 1:32 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum