CVE-2013-3672

Related Files

Gentoo Linux Security Advisory 201502-08

Posted Feb 9, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-8 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 9.17 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2011-3934, CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851, CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672, CVE-2013-3674, CVE-2014-4609

SHA-256 | 8b25111daeecad86d923dea6ab62f2ab11b37e8fde0d7e62cded8470639bf721

Download | Favorite | View

Mandriva Linux Security Advisory 2014-227

Posted Nov 25, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-227 - The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service via crafted American Laser Games MM Video data. The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service via crafted CD Graphics Video data. The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted FFV1 data. The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2013-0848, CVE-2013-0852, CVE-2013-0860, CVE-2013-3672, CVE-2013-3674, CVE-2013-7020

SHA-256 | cf41dc584dc8f69da805e217d05ba3652ca3aa212448252fb3fd5fc8f26c4777

Download | Favorite | View

Debian Security Advisory 3003-1

Posted Aug 11, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3003-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory

systems | linux, debian

advisories | CVE-2011-3934, CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851, CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672, CVE-2013-3674, CVE-2014-2263

SHA-256 | 70339fe9c5d5fd5a410f2b3dabbca2412936ecc78d144f4d00c4a0c1f5267955

Download | Favorite | View