Updated ffmpeg packages fix security vulnerabilities
Publication date: 09 Sep 2024Modification date: 09 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7055 , CVE-2024-7272
Description
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (CVE-2024-7055) A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. (CVE-2024-7272)
References
SRPMS
9/tainted
- ffmpeg-5.1.6-1.mga9.tainted
9/core
- ffmpeg-5.1.6-1.mga9