English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2014.0464
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2014-0464)
Resumen:The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0464 advisory.
Descripción:Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0464 advisory.

Vulnerability Insight:
A heap-based buffer overflow in the encode_slice function in
libavcodec/proresenc_kostya.c in FFmpeg before 2.0.6 can cause a crash,
allowing a malicious image file to cause a denial of service (CVE-2014-5271).

libavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have an
unspecified impact via a crafted iff image, which triggers an out-of-bounds
array access, related to the rgb8 and rgbn formats (CVE-2014-5272).

libavcodec/mjpegdec.c in FFmpeg before 2.0.6 considers only dimension
differences, and not bits-per-pixel differences, when determining whether an
image size has changed, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted MJPEG data (CVE-2014-8541).

libavcodec/utils.c in FFmpeg before 2.0.6 omits a certain codec ID during
enforcement of alignment, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted JV data (CVE-2014-8542).

libavcodec/mmvideo.c in FFmpeg before 2.0.6 does not consider all lines of
HHV Intra blocks during validation of image height, which allows remote
attackers to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via crafted MM video data (CVE-2014-8543).

libavcodec/tiff.c in FFmpeg before 2.0.6 does not properly validate
bits-per-pixel fields, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted TIFF data (CVE-2014-8544).

libavcodec/pngdec.c in FFmpeg before 2.0.6 accepts the monochrome-black
format without verifying that the bits-per-pixel value is 1, which allows
remote attackers to cause a denial of service (out-of-bounds access) or
possibly have unspecified other impact via crafted PNG data (CVE-2014-8545).

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.0.6 allows
remote attackers to cause a denial of service (out-of-bounds access) or
possibly have unspecified other impact via crafted Cinepak video data
(CVE-2014-8546).

libavcodec/gifdec.c in FFmpeg before 2.0.6 does not properly compute image
heights, which allows remote attackers to cause a denial of service
(out-of-bounds access) or possibly have unspecified other impact via crafted
GIF data (CVE-2014-8547).

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.0.6 allows remote
attackers to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via crafted Quicktime Graphics (aka SMC) video
data (CVE-2014-8548).

Affected Software/OS:
'ffmpeg' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-5271
BugTraq ID: 69250
http://www.securityfocus.com/bid/69250
https://security.gentoo.org/glsa/201603-06
http://www.osvdb.org/111725
Common Vulnerability Exposure (CVE) ID: CVE-2014-5272
http://www.openwall.com/lists/oss-security/2014/08/16/6
Common Vulnerability Exposure (CVE) ID: CVE-2014-8541
http://www.ubuntu.com/usn/USN-2944-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8542
https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html
http://www.ubuntu.com/usn/USN-2534-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8543
Common Vulnerability Exposure (CVE) ID: CVE-2014-8544
Common Vulnerability Exposure (CVE) ID: CVE-2014-8545
Common Vulnerability Exposure (CVE) ID: CVE-2014-8546
Common Vulnerability Exposure (CVE) ID: CVE-2014-8547
Common Vulnerability Exposure (CVE) ID: CVE-2014-8548
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.