| Summary: | <media-video/libav-0.8.5: multiple vulnerabilities (CVE-2012-{2783,2791,2797,2798,2801,2802,2803,2804,5144}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://libav.org/releases/libav-0.8.5.changelog | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 453328 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-01-15 10:44:37 UTC
Archs have fun :-)

I guess you meant this:

Arch teams, please test and mark stable:
=media-video/libav-0.8.5
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

CVE-2012-5144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144): Google Chrome before 23.0.1271.97 does not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2012-2804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804): Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

CVE-2012-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803): Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value.

CVE-2012-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802): Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

CVE-2012-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801): Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes."

CVE-2012-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798): Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write."

CVE-2012-2797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797): Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

CVE-2012-2791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791): Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size."

CVE-2012-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783): Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame."

ppc stable

Stable for HPPA.

ppc64 stable

alpha stable

arm stable

x86 stable

sparc stable

ia64 stable

Added to existing GLSA draft.

oldest in tree libav-0.8.7, PLEASE CLOSE.

This issue was resolved and addressed in GLSA 201406-28 at http://security.gentoo.org/glsa/glsa-201406-28.xml by GLSA coordinator Chris Reffett (creffett).