MGASA-2014-0473

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0473.html

Import Source

https://advisories.mageia.org/MGASA-2014-0473.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0473

Related

CVE-2014-5271
CVE-2014-5272

Published

2014-11-21T12:44:16Z

Modified

2014-11-21T12:21:14Z

Summary

Updated ffmpeg packages fix security vulnerabilities

Details

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service (CVE-2014-5271).

libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats (CVE-2014-5272).

References

https://advisories.mageia.org/MGASA-2014-0473.html
https://bugs.mageia.org/show_bug.cgi?id=14556
http://git.videolan.org/?p=ffmpeg.git;a=log;h=n1.1.14
http://ffmpeg.org/olddownload.html
http://ffmpeg.org/security.html
http://openwall.com/lists/oss-security/2014/08/16/6

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2014-0473

Affected packages