I would like to request CVEs for the following issues:
fixes assertion failure in prores_ks encoder
fixes out of array access in iff decoder
Found-by: Piotr Bandurski
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before
2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified
impact via a crafted iff image, which triggers an out-of-bounds array
access, related to the rgb8 and rgbn formats.
Heap-based buffer overflow in the encode_slice function in
libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8,
2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote
attackers to cause a denial of service (crash) or possibly execute arbitrary
code via unspecified vectors.
http://ffmpeg.org/security.html marks it as fixed in 2.2.7 for the 2.2 branch; we'll go with 2.2.12+ since 1.2 (current stable) is not maintained anymore.
Highest version of fixes for CVEs - 1.1.14, 1.2.8, 2.1.6, 2.2.7
1.1.X and 1.2.X are no longer maintained, and 2.2.14 is being stabilized, but the higher version without bugs is 2.2.15. Once stabilized, we can clean up 1.1.x and 1.2.x.
Setting dependency on: 548006
This issue was resolved and addressed in
GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06
by GLSA coordinator Kristian Fiskerstrand (K_F).