{"id":"MGASA-2015-0245","summary":"Updated ffmpeg package fixes security vulnerability","details":"The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7\nallows remote attackers to cause a denial of service (out-of-bounds heap\naccess) and possibly have other unspecified impact via vectors related to\nLJIF tags in an MJPEG file (CVE-2014-9316).\n\nThe decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.0.7\nallows remote attackers to cause a denial of service (out-of-bounds heap\naccess) and possibly have other unspecified impact via an IDAT before an IHDR\nin a PNG file (CVE-2014-9317).\n\nThe raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.0.7 allows\nremote attackers to cause a denial of service (out-of-bounds heap access) and\npossibly have other unspecified impact via a crafted .cine file that triggers\nthe avpicture_get_size function to return a negative frame size\n(CVE-2014-9318).\n\nThe vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does\nnot validate the relationship between a certain length value and the frame\nwidth, which allows remote attackers to cause a denial of service\n(out-of-bounds array access) or possibly have unspecified other impact via\ncrafted Sierra VMD video data (CVE-2014-9603).\n\nlibavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero\nvalue of a slice height, which allows remote attackers to cause a denial of\nservice (out-of-bounds array access) or possibly have unspecified other\nimpact via crafted Ut Video data, related to the restore_median and\nrestore_median_il functions (CVE-2014-9604).\n\nAn attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,\nin order to trigger a denial of service (CVE-2015-1872).\n\nThe msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before\n2.0.7 has an out-of-bounds array access that may allow remote attackers to\ncause a denial of service or possibly have unspecified other impact via a\ncrafted BMP file (CVE-2015-3395).\n\nUse-after-free vulnerability in the ff_h264_free_tables function in\nlibavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via crafted H.264\ndata in an MP4 file, as demonstrated by an HTML VIDEO element that references\nH.264 data (CVE-2015-3417).\n","modified":"2026-04-16T06:23:41.576146854Z","published":"2015-06-19T13:33:05Z","upstream":["CVE-2014-9316","CVE-2014-9317","CVE-2014-9318","CVE-2014-9603","CVE-2014-9604","CVE-2015-1872","CVE-2015-3395","CVE-2015-3417"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0245.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15502"},{"type":"WEB","url":"http://vigilance.fr/vulnerability/FFmpeg-unreachable-memory-reading-via-mjpegdec-c-16213"},{"type":"WEB","url":"http://git.videolan.org/?p=ffmpeg.git;a=log;h=n2.0.7"},{"type":"WEB","url":"http://ffmpeg.org/olddownload.html"},{"type":"WEB","url":"http://ffmpeg.org/security.html"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.7-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0245.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.7-1.mga4.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0245.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}