
Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0233
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0233)
Summary: The remote host is missing an update for the 'avidemux' package(s) announced via the MGASA-2015-0233 advisory.
Description:
Summary:
The remote host is missing an update for the 'avidemux' package(s) announced via the MGASA-2015-0233 advisory.

Vulnerability Insight:
Updated avidemux packages fix security vulnerabilities:

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before
1.2.11 allows remote attackers to cause a denial of service (out-of-bounds
heap access) and possibly have other unspecified impact via vectors related
to LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 1.2.11
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 1.2.11 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 1.2.11 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).

Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 1.2.11 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).

Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg
version has been updated from 1.2.10 to 1.2.12 to fix these security issues
and other bugs fixed upstream in FFmpeg.

Affected Software/OS:
'avidemux' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9316
https://security.gentoo.org/glsa/201603-06
Common Vulnerability Exposure (CVE) ID: CVE-2014-9317
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9603
Common Vulnerability Exposure (CVE) ID: CVE-2014-9604
http://www.ubuntu.com/usn/USN-2534-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1872
BugTraq ID: 72644
http://www.securityfocus.com/bid/72644
https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html
http://www.securitytracker.com/id/1033078
http://www.ubuntu.com/usn/USN-2944-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3417
BugTraq ID: 74385
http://www.securityfocus.com/bid/74385
Debian Security Information: DSA-3288
http://www.debian.org/security/2015/dsa-3288
http://seclists.org/fulldisclosure/2015/Apr/31
https://security.gentoo.org/glsa/201705-08
http://www.securitytracker.com/id/1032198
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.