Multiple vulnerabilities has been discovered and corrected in ffmpeg:

The decode_init function in libavcodec/huffyuv.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via a
crafted width in huffyuv data with the predictor set to median and
the colorspace set to YUV422P, which triggers an out-of-bounds array
access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact
via crafted RLE data, which triggers an out-of-bounds array access
(CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg
before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a
frame is fully initialized, which allows remote attackers to trigger
a NULL pointer dereference via crafted picture data (CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
before 1.2.1 does not validate the relationship between a horizontal
coordinate and a width value, which allows remote attackers to cause
a denial of service (out-of-bounds array access and application crash)
via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
before 1.2.1 does not validate the presence of non-header data in a
buffer, which allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) via crafted CD
Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before
2.1 does not properly enforce certain bit-count and colorspace
constraints, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact
via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which
is not vulnerable to these issues.