 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0280 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0280) |
| Summary: | The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0280 advisory. |
| Description: | Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0280 advisory. Vulnerability Insight: The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data (CVE-2014-2097). libavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data (CVE-2014-2098). The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.0.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data (CVE-2014-2099). The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg before 2.0.4 allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write (CVE-2014-2263). An integer overflow in LZO decompression in FFmpeg before 2.0.5 allows remote attackers to have an unspecified impact by embedding compressed data in a video file (CVE-2014-4610). This updates provides ffmpeg version 2.0.5, which fixes these issues and several other bugs which were corrected upstream. Affected Software/OS: 'ffmpeg' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-2097 https://security.gentoo.org/glsa/201603-06 Common Vulnerability Exposure (CVE) ID: CVE-2014-2098 Common Vulnerability Exposure (CVE) ID: CVE-2014-2099 Common Vulnerability Exposure (CVE) ID: CVE-2014-2263 BugTraq ID: 65560 http://www.securityfocus.com/bid/65560 http://www.securitytracker.com/id/1029850 http://secunia.com/advisories/56971 XForce ISS Database: ffmpeg-mpegtswritepmt-bo(91174) https://exchange.xforce.ibmcloud.com/vulnerabilities/91174 Common Vulnerability Exposure (CVE) ID: CVE-2014-4610 http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://www.openwall.com/lists/oss-security/2014/06/26/23 https://www.ffmpeg.org/security.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |