Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в ffmpeg / libav
Опубликовано:14 июля 2014 г.
Источник:
SecurityVulns ID:13864
Тип:библиотека
Уровень опасности:
7/10
Описание:Целочисленные переполнения, повреждения памяти, переполнения буфера и т.д.
Затронутые продукты:LIBAV : libav 0.8
 FFMPEG : FFmpeg 2.1
CVE:CVE-2014-4610
 CVE-2014-4609
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.)
 CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.)
 CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.)
 CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.)
 CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues().")
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2014:129 ] ffmpeg (14.07.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород