{"id":"MGASA-2019-0029","summary":"Updated live, ffmpeg, mplayer, and vlc packages fix security vulnerabilities","details":"A bug in the server implementation of RTSP-over-HTTP in live could allow\na denial-of-service attack.\n\nA bug in the server implementation of RTSP-over-HTTP could allow a\nbuffer overflow, which could result in the execution of arbitrary code\nwhen parsing a malformed RTSP stream (CVE-2018-4013).\n\nThe flv_write_packet function in libavformat/flvenc.c in FFmpeg through\n3.3.8 does not check for an empty audio packet, leading to an assertion\nfailure (CVE-2018-15822).\n\nThe live package has been updated to version 2018.11.26, the ffmpeg\npackage has been updated to version 3.3.9, and the vlc package has been\nupdated to version 3.0.5, fixing these issues and other bugs.\n\nThe mplayer package has been rebuilt against the update live package to\nfix the RTSP-over-HTTP issues in mplayer.\n","modified":"2026-02-04T04:18:43.998672Z","published":"2019-01-10T10:53:49Z","related":["CVE-2018-15822","CVE-2018-4013"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0029.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24071"},{"type":"REPORT","url":"http://live555.com/liveMedia/public/changelog.txt"},{"type":"REPORT","url":"https://www.videolan.org/developers/vlc-branch/NEWS"},{"type":"REPORT","url":"https://www.debian.org/security/2018/dsa-4343"}],"affected":[{"package":{"name":"live","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/live?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2018.11.26-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.9-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-13.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"vlc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/vlc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.5-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.9-1.mga6.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-13.mga6.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}},{"package":{"name":"vlc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/vlc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.5-2.mga6.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0029.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}