MGASA-2024-0248

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0248.html

Import Source

https://advisories.mageia.org/MGASA-2024-0248.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0248

Related

Published

2024-07-01T17:53:27Z

Modified

2024-07-01T17:24:40Z

Summary

Updated ffmpeg packages fix security vulnerabilities

Details

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the setencoderid function in /fftools/ffmpegenc.c component. (CVE-2023-50010) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in imagecopyplane. (CVE-2023-51793) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/afstereowiden.c:120:69. (CVE-2023-51794) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avfshowspectrum.c:1789:52 component in showspectrumpicrequestframe. (CVE-2023-51795) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vfminterpolate.c:1078:60 in interpolate. (CVE-2023-51798) FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2024-31585)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0248

Affected packages