Advisories ยป MGASA-2020-0046

Updated ffmpeg packages fix security vulnerabilities

Publication date: 22 Jan 2020
Modification date: 22 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-17539 , CVE-2019-17542

Description

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.5, which fixes several bugs, and
atleasst the follwing security vulnerabilities:

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL
pointer dereference and possibly unspecified other impact when there is
no valid close function pointer (CVE-2019-17539).

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk
because of an out-of-array access in vqa_decode_init in libavcodec/
vqavideo.c (CVE-2019-17542).
                

References

SRPMS

7/core

7/tainted