CVE-2014-9604 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604): libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

CVE-2014-9603 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603): The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

CVE-2014-9602 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602): libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.
Fixed in: 2.0.7, 2.1.7, 2.2.12, 2.3.6, 2.4.5, 2.5.2

Depends: Bug 548006
This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).
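
The "Fixed in" list above is per release branch, so a single "older than 2.5.2" comparison misclassifies patched maintenance releases such as 2.3.6. The following branch-aware check is an added example, not part of the original bug report or of FFmpeg; the function names are hypothetical, it assumes upstream version numbering (distribution packages may carry backported fixes under an older version), and it treats branches newer than 2.5 as fixed because the CVE text limits the affected range to "before 2.5.2".

```python
import re

# Fixed releases per branch, copied from the "Fixed in" line of this report.
FIXED_IN = ["2.0.7", "2.1.7", "2.2.12", "2.3.6", "2.4.5", "2.5.2"]

# Map (major, minor) -> first patch level that contains the fixes.
FIXED_BY_BRANCH = {}
for _v in FIXED_IN:
    _major, _minor, _patch = (int(p) for p in _v.split("."))
    FIXED_BY_BRANCH[(_major, _minor)] = _patch
NEWEST_FIXED_BRANCH = max(FIXED_BY_BRANCH)


def parse_version(text):
    """Return (major, minor, patch) from a version string or the first
    line of `ffmpeg -version`; None for git snapshot builds (N-...)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def status(text):
    """Classify a version as 'fixed', 'vulnerable' or 'unknown'."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"
    branch, patch = ver[:2], ver[2]
    if branch > NEWEST_FIXED_BRANCH:
        return "fixed"       # newer branch than 2.5: outside "before 2.5.2"
    if branch not in FIXED_BY_BRANCH:
        return "vulnerable"  # older branch with no fixed release listed here
    # Integer comparison: 2.2.9 < 2.2.12, unlike a string comparison.
    return "fixed" if patch >= FIXED_BY_BRANCH[branch] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, including one banner-style line.
    samples = [
        "2.3.5", "2.3.6", "2.2.9", "2.2.12", "1.2.12", "2.6",
        "ffmpeg version 2.4.4 Copyright (c) 2000-2014 the FFmpeg developers",
        "ffmpeg version N-68482-g92a596f",
    ]
    for s in samples:
        print(f"{status(s):10s} {s}")
```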