MGASA-2014-0281

A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service (CVE-2012-5150).

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data (CVE-2014-2097).

libavcodec/wmalosslessdec.c in FFmpeg before 1.1.9 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data (CVE-2014-2098).

The msrledecodeframe function in libavcodec/msrle.c in FFmpeg before 1.1.9 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data (CVE-2014-2099).

The mpegtswritepmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg before 1.1.9 allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write (CVE-2014-2263).

An integer overflow in LZO decompression in FFmpeg before 1.1.12 allows remote attackers to have an unspecified impact by embedding compressed data in a video file (CVE-2014-4610).

This updates provides ffmpeg version 1.1.12, which fixes these issues and several other bugs which were corrected upstream.