 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0281 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0281) |
| Summary: | The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0281 advisory. |
| Description: | Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2014-0281 advisory. Vulnerability Insight: A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service (CVE-2012-5150). The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data (CVE-2014-2097). libavcodec/wmalosslessdec.c in FFmpeg before 1.1.9 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data (CVE-2014-2098). The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 1.1.9 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data (CVE-2014-2099). The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg before 1.1.9 allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write (CVE-2014-2263). An integer overflow in LZO decompression in FFmpeg before 1.1.12 allows remote attackers to have an unspecified impact by embedding compressed data in a video file (CVE-2014-4610). This updates provides ffmpeg version 1.1.12, which fixes these issues and several other bugs which were corrected upstream. Affected Software/OS: 'ffmpeg' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-5150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16440 SuSE Security Announcement: openSUSE-SU-2013:0236 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2097 https://security.gentoo.org/glsa/201603-06 Common Vulnerability Exposure (CVE) ID: CVE-2014-2098 Common Vulnerability Exposure (CVE) ID: CVE-2014-2099 Common Vulnerability Exposure (CVE) ID: CVE-2014-2263 BugTraq ID: 65560 http://www.securityfocus.com/bid/65560 http://www.securitytracker.com/id/1029850 http://secunia.com/advisories/56971 XForce ISS Database: ffmpeg-mpegtswritepmt-bo(91174) https://exchange.xforce.ibmcloud.com/vulnerabilities/91174 Common Vulnerability Exposure (CVE) ID: CVE-2014-4610 http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://www.openwall.com/lists/oss-security/2014/06/26/23 https://www.ffmpeg.org/security.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |