Computer Security
[EN] securityvulns.ru no-pyccku


libav / ffmpeg multiple security vulnerabilities
Published:10.02.2014
Source:
SecurityVulns ID:13560
Type:library
Threat Level:
7/10
Description:Vulnerabilitlies in different demuxers and decoders.
CVE:CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.)
 CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.)
 CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.)
 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.)
 CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.)
 CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.)
 CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.)
 CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2855-1] libav security update (10.02.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod