Gentoo Linux Security Advisory 201603-6 - Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. Versions less than 2.6.3 are affected.
18de70edba797a51c3c8ccb26d96c99dbe6bb5407fc277ac947f2cd4c31e9879Gentoo Linux Security Advisory 201502-8 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 9.17 are affected.
8b25111daeecad86d923dea6ab62f2ab11b37e8fde0d7e62cded8470639bf721Mandriva Linux Security Advisory 2014-227 - The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service via crafted American Laser Games MM Video data. The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service via crafted CD Graphics Video data. The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted FFV1 data. The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.
cf41dc584dc8f69da805e217d05ba3652ca3aa212448252fb3fd5fc8f26c4777Debian Linux Security Advisory 3003-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
70339fe9c5d5fd5a410f2b3dabbca2412936ecc78d144f4d00c4a0c1f5267955
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed