
Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0281
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0281)
Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0281 advisory.
Description: Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0281 advisory.

Vulnerability Insight:
A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek
operations on video data could allow remote attackers to cause a denial
of service (CVE-2012-5150).

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before
1.1.9 does not properly validate a certain bits-per-sample value, which
allows remote attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via crafted TAK (aka
Tom's lossless Audio Kompressor) data (CVE-2014-2097).

libavcodec/wmalosslessdec.c in FFmpeg before 1.1.9 uses an incorrect
data-structure size for certain coefficients, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via crafted WMA data (CVE-2014-2098).

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
1.1.9 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data (CVE-2014-2099).

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg before 1.1.9 allows remote
attackers to have unspecified impact and vectors, which trigger an
out-of-bounds write (CVE-2014-2263).

An integer overflow in LZO decompression in FFmpeg before 1.1.12 allows
remote attackers to have an unspecified impact by embedding compressed
data in a video file (CVE-2014-4610).

This update provides ffmpeg version 1.1.12, which fixes these issues
and several other bugs which were corrected upstream.

Affected Software/OS:
'ffmpeg' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-5150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16440
SuSE Security Announcement: openSUSE-SU-2013:0236
http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-2097
https://security.gentoo.org/glsa/201603-06
Common Vulnerability Exposure (CVE) ID: CVE-2014-2098
Common Vulnerability Exposure (CVE) ID: CVE-2014-2099
Common Vulnerability Exposure (CVE) ID: CVE-2014-2263
BugTraq ID: 65560
http://www.securityfocus.com/bid/65560
http://www.securitytracker.com/id/1029850
http://secunia.com/advisories/56971
XForce ISS Database: ffmpeg-mpegtswritepmt-bo(91174)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91174
Common Vulnerability Exposure (CVE) ID: CVE-2014-4610
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://www.openwall.com/lists/oss-security/2014/06/26/23
https://www.ffmpeg.org/security.html
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.