Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 553732 (CVE-2014-9676)

Summary: <media-video/ffmpeg-2.6.3: Unspecified vulnerability (CVE-2014-9676)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-07-01 14:57:25 UTC 
CVE-2014-9676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9676):
  The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and
  earlier does not free the correct memory location, which allows remote
  attackers to cause a denial of service ("invalid memory handler") and
  possibly execute arbitrary code via a crafted video that triggers a use
  after free.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 14:58:54 UTC 
This will be cleaned up as part of Bug # 548006
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-20 12:20:49 UTC 
Added to existing GLSA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-06-19 00:01:11 UTC 
This issue was resolved and addressed in
 GLSA 201606-09 at https://security.gentoo.org/glsa/201606-09
by GLSA coordinator Kristian Fiskerstrand (K_F).