Mageia alert MGASA-2015-0245 (ffmpeg)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2015-0245: Updated ffmpeg package fixes security vulnerability
Date:  Fri, 19 Jun 2015 15:33:31 +0200
Message-ID:  <20150619133331.CB26440F4E@valstar.mageia.org>

MGASA-2015-0245 - Updated ffmpeg package fixes security vulnerability

Publication date: 19 Jun 2015
URL: http://advisories.mageia.org/MGASA-2015-0245.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9316, CVE-2014-9317, CVE-2014-9318, CVE-2014-9603, CVE-2014-9604, CVE-2015-1872, CVE-2015-3395, CVE-2015-3417

Description:

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file (CVE-2014-9317).

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size (CVE-2014-9318).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the restore_median and restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg, in order to trigger a denial of service (CVE-2015-1872).

The msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before 2.0.7 has an out-of-bounds array access that may allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP file (CVE-2015-3395).

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data (CVE-2015-3417).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15502
- http://vigilance.fr/vulnerability/FFmpeg-unreachable-memo...
- http://git.videolan.org/?p=ffmpeg.git;a=log;h=n2.0.7
- http://ffmpeg.org/olddownload.html
- http://ffmpeg.org/security.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9316
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9317
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9318
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9603
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9604
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1872
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3395
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3417

SRPMS:
- 4/core/ffmpeg-2.0.7-1.mga4
- 4/tainted/ffmpeg-2.0.7-1.mga4.tainted
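
To check hosts against the fixed builds listed under SRPMS, the sketch below (an added example, not part of the Mageia advisory or of LWN's page) compares installed ffmpeg version-release strings with 2.0.7-1.mga4 using a simplified form of RPM's version ordering. The inventory lines, host names and function names are constructed for illustration, and only the package name ffmpeg from the SRPMS list is checked.

```python
import re

# Fixed builds from the advisory's SRPMS list (Mageia 4).
FIXED_EVR = {"core": "2.0.7-1.mga4", "tainted": "2.0.7-1.mga4.tainted"}

# Constructed inventory: "<host> <name> <version>-<release>" per line.
SAMPLE_INVENTORY = """\
build01 ffmpeg 2.0.6-1.mga4
media02 ffmpeg 2.0.7-1.mga4.tainted
kiosk03 ffmpeg 2.0.10-1.mga4
"""

def rpm_vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)  # separators are ignored
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # so that 10 > 7, unlike string order
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare [epoch:]version-release strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def is_vulnerable(installed_evr):
    """True if the installed ffmpeg build predates the advisory's fixed build."""
    repo = "tainted" if installed_evr.endswith(".tainted") else "core"
    return evr_cmp(installed_evr, FIXED_EVR[repo]) < 0

def audit(inventory):
    """Return hosts whose ffmpeg package is older than the fixed build."""
    rows = (line.split() for line in inventory.splitlines())
    return [host for host, name, evr in rows
            if name == "ffmpeg" and is_vulnerable(evr)]
```

Inventory lines in this shape can be collected per host with `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' ffmpeg`, prefixed with the host name.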




Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds