Updated ffmpeg packages fix security vulnerabilities
Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2014-5271, CVE-2014-5272
Description
A heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service (CVE-2014-5271).
libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact via a crafted IFF image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats (CVE-2014-5272).
References
- https://bugs.mageia.org/show_bug.cgi?id=14556
- http://git.videolan.org/?p=ffmpeg.git;a=log;h=n1.1.14
- http://ffmpeg.org/olddownload.html
- http://ffmpeg.org/security.html
- http://openwall.com/lists/oss-security/2014/08/16/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5272
SRPMS
3/core
- ffmpeg-1.1.14-1.mga3
3/tainted
- ffmpeg-1.1.14-1.mga3.tainted