Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 553732 (CVE-2014-9676) - <media-video/ffmpeg-2.6.3: Unspecified vulnerability (CVE-2014-9676)
Summary: <media-video/ffmpeg-2.6.3: Unspecified vulnerability (CVE-2014-9676)
Alias: CVE-2014-9676
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2015-07-01 14:57 UTC by GLSAMaker/CVETool Bot
Modified: 2016-06-19 00:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-07-01 14:57:25 UTC
CVE-2014-9676 (
  The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and
  earlier does not free the correct memory location, which allows remote
  attackers to cause a denial of service ("invalid memory handler") and
  possibly execute arbitrary code via a crafted video that triggers a use
  after free.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 14:58:54 UTC
This will be cleaned up as part of Bug # 548006
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-20 12:20:49 UTC
Added to existing GLSA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-06-19 00:01:11 UTC
This issue was resolved and addressed in
 GLSA 201606-09 at
by GLSA coordinator Kristian Fiskerstrand (K_F).