Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0182)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2013.0182

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2013-0182)

Zusammenfassung: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2013-0182 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2013-0182 advisory.

Vulnerability Insight:
ffmpeg prior to 1.1.5 contains several security vulnerabilities

* CVE-2013-3671:
The format_line function in log.c in libavutil uses inapplicable offset
data during a certain category calculation, which allows remote attackers
to cause a denial of service (invalid pointer dereference and application
crash) via crafted data that triggers a log message.

* CVE-2013-3672:
The mm_decode_inter function in mmvideo.c in libavcodec does not validate
the relationship between a horizontal coordinate and a width value, which
allows remote attackers to cause a denial of service (out-of-bounds array
access and application crash) via crafted American Laser Games (ALG) MM
Video data.

* CVE-2013-3673:
The gif_decode_frame function in gifdec.c in libavcodec does not properly
manage the disposal methods of frames, which allows remote attackers to
cause a denial of service (out-of-bounds array access and application crash)
via crafted GIF data.

* CVE-2013-3674:
The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate
the presence of non-header data in a buffer, which allows remote attackers to
cause a denial of service (out-of-bounds array access and application crash)
via crafted CD Graphics Video data.

The ffmpeg packages have been updated to fix above security vulnerabilities,
with extra bugs-fixes.

Affected Software/OS:
'ffmpeg' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-3671
Common Vulnerability Exposure (CVE) ID: CVE-2013-3672
http://www.mandriva.com/security/advisories?name=MDVSA-2014:227
Common Vulnerability Exposure (CVE) ID: CVE-2013-3673
Common Vulnerability Exposure (CVE) ID: CVE-2013-3674

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0182
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0182)
Zusammenfassung:	The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2013-0182 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2013-0182 advisory. Vulnerability Insight: ffmpeg prior to 1.1.5 contains several security vulnerabilities * CVE-2013-3671: The format_line function in log.c in libavutil uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. * CVE-2013-3672: The mm_decode_inter function in mmvideo.c in libavcodec does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. * CVE-2013-3673: The gif_decode_frame function in gifdec.c in libavcodec does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. * CVE-2013-3674: The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. The ffmpeg packages have been updated to fix above security vulnerabilities, with extra bugs-fixes. Affected Software/OS: 'ffmpeg' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3671 Common Vulnerability Exposure (CVE) ID: CVE-2013-3672 http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 Common Vulnerability Exposure (CVE) ID: CVE-2013-3673 Common Vulnerability Exposure (CVE) ID: CVE-2013-3674
Copyright	Copyright (C) 2022 Greenbone AG