Errata ID | 223 |
---|---|
Date | 2017-11-21 |
Source package | libav |
Fixed in version | 6:11.11-1~deb8u1 |
Description | This update addresses the following issues:<br>* The smka_decode_frame function in libavcodec/smacker.c does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. (CVE-2015-8365)<br>* Multiple integer overflows have been discovered in libav 11.8 and earlier, allowing remote attackers to cause a crash via a crafted MP3 file. (CVE-2016-9821 CVE-2016-9822)<br>* The decode_residual function in libavcodec allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. (CVE-2017-7208)<br>* FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. (CVE-2017-7862)<br>* Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. (CVE-2017-9992) |
Additional notes | |
CVE ID | CVE-2015-8365 CVE-2016-9821 CVE-2016-9822 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992 |
UCS Bug number | #44659 |