ffmpeg prior to 1.1.5 contains several security vulnerabilities * CVE-2013-3671: The format_line function in log.c in libavutil uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. * CVE-2013-3672: The mm_decode_inter function in mmvideo.c in libavcodec does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. * CVE-2013-3673: The gif_decode_frame function in gifdec.c in libavcodec does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. * CVE-2013-3674: The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. The ffmpeg packages have been updated to fix above security vulnerabilities, with extra bugs-fixes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | ffmpeg | < 1.1.5-1 | ffmpeg-1.1.5-1.mga3 |
Mageia | 3 | noarch | ffmpeg | < 1.1.5-1 | ffmpeg-1.1.5-1.mga3.tainted |