Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0233
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0233)
Zusammenfassung:	The remote host is missing an update for the 'avidemux' package(s) announced via the MGASA-2015-0233 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'avidemux' package(s) announced via the MGASA-2015-0233 advisory. Vulnerability Insight: Updated avidemux packages fix security vulnerabilities: The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 1.2.11 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file (CVE-2014-9316). The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 1.2.11 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file (CVE-2014-9317). The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 1.2.11 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data (CVE-2014-9603). libavcodec/utvideodec.c in FFmpeg before 1.2.11 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the restore_median and restore_median_il functions (CVE-2014-9604). An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg, in order to trigger a denial of service (CVE-2015-1872). Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 1.2.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data (CVE-2015-3417). Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg. Affected Software/OS: 'avidemux' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9316 https://security.gentoo.org/glsa/201603-06 Common Vulnerability Exposure (CVE) ID: CVE-2014-9317 https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9603 Common Vulnerability Exposure (CVE) ID: CVE-2014-9604 http://www.ubuntu.com/usn/USN-2534-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1872 BugTraq ID: 72644 http://www.securityfocus.com/bid/72644 https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html http://www.securitytracker.com/id/1033078 http://www.ubuntu.com/usn/USN-2944-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3417 BugTraq ID: 74385 http://www.securityfocus.com/bid/74385 Debian Security Information: DSA-3288 (Google Search) http://www.debian.org/security/2015/dsa-3288 http://seclists.org/fulldisclosure/2015/Apr/31 https://security.gentoo.org/glsa/201705-08 http://www.securitytracker.com/id/1032198
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.