Updated ffmpeg packages fix security vulnerabilities
Publication date: 22 Jan 2020Modification date: 22 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-17539 , CVE-2019-17542
Description
Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the follwing security vulnerabilities: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer (CVE-2019-17539). FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/ vqavideo.c (CVE-2019-17542).
References
SRPMS
7/core
- ffmpeg-4.1.5-1.mga7
7/tainted
- ffmpeg-4.1.5-1.mga7.tainted