Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)

Updated ffmpeg packages fix security vulnerabilities : h264: Add check for invalid chromaformatidc CVE-2012-0851 h263dec: Disallow width/height changing with frame threads CVE-2011-3937 vc1dec: check that coded slice positions and interlacing match. This fixes out of array writes CVE-2012-2796...

CVE-2012-2791

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

Design/Logic Flaw

Unspecified vulnerability in the decodeframe function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."...

CVE-2012-2787

Unspecified vulnerability in the decodeframe function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."...

CVE-2012-2787

CVE-2012-2787 affects FFmpeg/libav indeo4 decoder. The vulnerability is tied to the decode_frame path in indeo4.c and width/height handling during size changes, with the impact and vectors not fully quantified in the primary entry. Mandriva’s advisory MDVSA-2013:079 confirms CVE-2012-2787 and sta...

CVE-2012-2787

Unspecified vulnerability in the decodeframe function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."...