
Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0245
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0245)
Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2015-0245 advisory.
Description:
Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2015-0245 advisory.

Vulnerability Insight:
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via vectors related to
LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 2.0.7 allows
remote attackers to cause a denial of service (out-of-bounds heap access) and
possibly have other unspecified impact via a crafted .cine file that triggers
the avpicture_get_size function to return a negative frame size
(CVE-2014-9318).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).

The msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before
2.0.7 has an out-of-bounds array access that may allow remote attackers to
cause a denial of service or possibly have unspecified other impact via a
crafted BMP file (CVE-2015-3395).

Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).

Affected Software/OS:
'ffmpeg' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9316
https://security.gentoo.org/glsa/201603-06
Common Vulnerability Exposure (CVE) ID: CVE-2014-9317
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9318
Common Vulnerability Exposure (CVE) ID: CVE-2014-9603
Common Vulnerability Exposure (CVE) ID: CVE-2014-9604
http://www.ubuntu.com/usn/USN-2534-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1872
BugTraq ID: 72644
http://www.securityfocus.com/bid/72644
https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html
http://www.securitytracker.com/id/1033078
http://www.ubuntu.com/usn/USN-2944-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3395
BugTraq ID: 74433
http://www.securityfocus.com/bid/74433
Debian Security Information: DSA-3288
http://www.debian.org/security/2015/dsa-3288
https://security.gentoo.org/glsa/201705-08
Common Vulnerability Exposure (CVE) ID: CVE-2015-3417
BugTraq ID: 74385
http://www.securityfocus.com/bid/74385
http://seclists.org/fulldisclosure/2015/Apr/31
http://www.securitytracker.com/id/1032198
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.