Advisories ยป MGASA-2024-0283

Updated ffmpeg packages fix security vulnerabilities

Publication date: 09 Sep 2024
Modification date: 09 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7055 , CVE-2024-7272

Description

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified
as critical. This affects the function pnm_decode_frame in the library
/libavcodec/pnmdec.c. The manipulation leads to heap-based buffer
overflow. It is possible to initiate the attack remotely. The exploit
has been disclosed to the public and may be used. (CVE-2024-7055)
A vulnerability, which was classified as critical, was found in FFmpeg
up to 5.1.5. This affects the function fill_audiodata of the file
/libswresample/swresample.c. The manipulation leads to heap-based buffer
overflow. It is possible to initiate the attack remotely.
(CVE-2024-7272)
                

References

SRPMS

9/tainted

9/core