| Errata ID | 592 |
|---|---|
| Date | 2019-02-06 |
| Source package | libav |
| Fixed in version | 6:11.12-1~deb8u5 |
| Description | This update addresses the following issues: * libavcodec/utils.c omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. (CVE-2014-8542) * Double-free vulnerability in libavformat/mov.c allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. (CVE-2015-1207) * FFmpeg has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. (CVE-2017-7863) * FFmpeg has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. (CVE-2017-7865) * In the mxf_read_primer_pack function in libavformat/mxfdec.c an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. (CVE-2017-14169) * In libavformat/asfdec_f.c, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. (CVE-2017-14223) |
| Additional notes | |
| CVE ID | CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 CVE-2017-14169 CVE-2017-14223 |
| UCS Bug number | #48598 |
