/[advisories]/10506.adv
ViewVC logotype

Annotation of /10506.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 77 - (hide annotations) (download)
Wed Jun 26 08:28:21 2013 UTC (7 years, 3 months ago) by claire
File size: 1705 byte(s)
Adding sec advisory for ffmpeg bug 10506
1 claire 77 type: security
2     subject: Updated ffmpeg packages fix several security vulnerabilities
3     CVE:
4     - CVE-2013-3671
5     - CVE-2013-3672
6     - CVE-2013-3673
7     - CVE-2013-3674
8     src:
9     3:
10     core:
11     - ffmpeg-1.1.5-1.mga3
12     tainted:
13     - ffmpeg-1.1.5-1.mga3.tainted
14     description: |
15     ffmpeg prior to 1.1.5 contains several security vulnerabilities
16    
17     * CVE-2013-3671:
18     The format_line function in log.c in libavutil uses inapplicable offset
19     data during a certain category calculation, which allows remote attackers
20     to cause a denial of service (invalid pointer dereference and application
21     crash) via crafted data that triggers a log message.
22    
23     * CVE-2013-3672:
24     The mm_decode_inter function in mmvideo.c in libavcodec does not validate
25     the relationship between a horizontal coordinate and a width value, which
26     allows remote attackers to cause a denial of service (out-of-bounds array
27     access and application crash) via crafted American Laser Games (ALG) MM
28     Video data.
29    
30     * CVE-2013-3673:
31     The gif_decode_frame function in gifdec.c in libavcodec does not properly
32     manage the disposal methods of frames, which allows remote attackers to
33     cause a denial of service (out-of-bounds array access and application crash)
34     via crafted GIF data.
35    
36     * CVE-2013-3674:
37     The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate
38     the presence of non-header data in a buffer, which allows remote attackers to
39     cause a denial of service (out-of-bounds array access and application crash)
40     via crafted CD Graphics Video data.
41    
42     The ffmpeg packages have been updated to fix above security vulnerabilities,
43     with extra bugs-fixes.
44     references:
45     - https://bugs.mageia.org/show_bug.cgi?id=10506

  ViewVC Help
Powered by ViewVC 1.1.28