/[advisories]/10506.adv
ViewVC logotype

Contents of /10506.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 94 - (show annotations) (download)
Wed Jun 26 18:09:14 2013 UTC (4 years, 1 month ago) by boklm
File size: 1725 byte(s)
MGASA-2013-0182
1 type: security
2 subject: Updated ffmpeg packages fix several security vulnerabilities
3 CVE:
4 - CVE-2013-3671
5 - CVE-2013-3672
6 - CVE-2013-3673
7 - CVE-2013-3674
8 src:
9 3:
10 core:
11 - ffmpeg-1.1.5-1.mga3
12 tainted:
13 - ffmpeg-1.1.5-1.mga3.tainted
14 description: |
15 ffmpeg prior to 1.1.5 contains several security vulnerabilities
16
17 * CVE-2013-3671:
18 The format_line function in log.c in libavutil uses inapplicable offset
19 data during a certain category calculation, which allows remote attackers
20 to cause a denial of service (invalid pointer dereference and application
21 crash) via crafted data that triggers a log message.
22
23 * CVE-2013-3672:
24 The mm_decode_inter function in mmvideo.c in libavcodec does not validate
25 the relationship between a horizontal coordinate and a width value, which
26 allows remote attackers to cause a denial of service (out-of-bounds array
27 access and application crash) via crafted American Laser Games (ALG) MM
28 Video data.
29
30 * CVE-2013-3673:
31 The gif_decode_frame function in gifdec.c in libavcodec does not properly
32 manage the disposal methods of frames, which allows remote attackers to
33 cause a denial of service (out-of-bounds array access and application crash)
34 via crafted GIF data.
35
36 * CVE-2013-3674:
37 The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate
38 the presence of non-header data in a buffer, which allows remote attackers to
39 cause a denial of service (out-of-bounds array access and application crash)
40 via crafted CD Graphics Video data.
41
42 The ffmpeg packages have been updated to fix above security vulnerabilities,
43 with extra bugs-fixes.
44 references:
45 - https://bugs.mageia.org/show_bug.cgi?id=10506
46 ID: MGASA-2013-0182

  ViewVC Help
Powered by ViewVC 1.1.26