Информационная безопасность
[RU] switch to English


Повреждения памяти в libav
Опубликовано:18 ноября 2013 г.
Источник:
SecurityVulns ID:13409
Тип:библиотека
Уровень опасности:
6/10
Описание:Повреждения памяти при разборе медиаформатов.
Затронутые продукты:LIBAV : libav 0.8
CVE:CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.)
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.)
 CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.)
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.)
 CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.)
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.)
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2793-1] libav security update (18.11.2013)
 documentUBUNTU, [USN-2025-1] Libav vulnerabilities (18.11.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород