Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в библиотеке ffmpeg
Опубликовано:9 января 2012 г.
Источник:
SecurityVulns ID:12129
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные повреждения памяти при разборе форматов QDM2, VP5, VP6, VMD и SVQ1.
CVE:CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed.")
 CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.)
 CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.)
 CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2378-1] ffmpeg security update (09.01.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород