Advisories ยป MGASA-2014-0280

Updated ffmpeg packages fix security vulnerabilities

Publication date: 04 Jul 2014
Modification date: 04 Jul 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-2097 , CVE-2014-2098 , CVE-2014-2099 , CVE-2014-2263 , CVE-2014-4610

Description

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before
2.0.4 does not properly validate a certain bits-per-sample value, which
allows remote attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via crafted TAK (aka
Tom's lossless Audio Kompressor) data (CVE-2014-2097).

libavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect
data-structure size for certain coefficients, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via crafted WMA data (CVE-2014-2098).

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.0.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data (CVE-2014-2099).

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg before 2.0.4 allows remote
attackers to have unspecified impact and vectors, which trigger an
out-of-bounds write (CVE-2014-2263).

An integer overflow in LZO decompression in FFmpeg before 2.0.5 allows
remote attackers to have an unspecified impact by embedding compressed
data in a video file (CVE-2014-4610).

This updates provides ffmpeg version 2.0.5, which fixes these issues
and several other bugs which were corrected upstream.
                

References

SRPMS

4/tainted

4/core