Advisories ยป MGASA-2014-0473

Updated ffmpeg packages fix security vulnerabilities

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-5271 , CVE-2014-5272

Description

A heap-based buffer overflow in the encode_slice function in
libavcodec/proresenc_kostya.c in FFmpeg before 1.1.14 can cause a crash,
allowing a malicious image file to cause a denial of service (CVE-2014-5271).

libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an
unspecified impact via a crafted iff image, which triggers an out-of-bounds
array access, related to the rgb8 and rgbn formats (CVE-2014-5272).
                

References

SRPMS

3/tainted

3/core