DSA-3957-1 ffmpeg -- ffmpegID: oval:org.secpod.oval:def:603081 | Date: (C)2017-09-05 (M)2023-11-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafted MOV file. CVE-2017-9993 Thierry Foucu discovered that it was possible to leak information from files and symlinks ending in common multimedia extensions, using the HTTP Live Streaming. CVE-2017-11399 Liu Bingchang of IIE discovered an integer overflow in the APE decoder that can be triggered by a crafted APE file. CVE-2017-11665 JunDong Xie of Ant-financial Light-Year Security Lab discovered that an attacker able to craft a RTMP stream can crash FFmpeg. CVE-2017-11719 Liu Bingchang of IIE discovered an out-of-bound access that can be triggered by a crafted DNxHD file.
Product: |
libswscale4 |
libavresample-dev |
libavfilter-dev |
libpostproc54 |
libpostproc-dev |
libavdevice57 |
libavformat57 |
libavcodec-extra |
libavformat-dev |
libavutil55 |
libavresample3 |
libavfilter6 |
libavcodec57 |
ffmpeg |
libavcodec-dev |
libavutil-dev |
libav-tools |
libavfilter-extra |
libswscale-dev |
libswresample-dev |
libswresample2 |
libavdevice-dev |