[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3957-1 ffmpeg -- ffmpeg

ID: oval:org.secpod.oval:def:603081Date: (C)2017-09-05   (M)2023-11-10
Class: PATCHFamily: unix




Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafted MOV file. CVE-2017-9993 Thierry Foucu discovered that it was possible to leak information from files and symlinks ending in common multimedia extensions, using the HTTP Live Streaming. CVE-2017-11399 Liu Bingchang of IIE discovered an integer overflow in the APE decoder that can be triggered by a crafted APE file. CVE-2017-11665 JunDong Xie of Ant-financial Light-Year Security Lab discovered that an attacker able to craft a RTMP stream can crash FFmpeg. CVE-2017-11719 Liu Bingchang of IIE discovered an out-of-bound access that can be triggered by a crafted DNxHD file.

Platform:
Debian 9.x
Product:
libswscale4
libavresample-dev
libavfilter-dev
libpostproc54
libpostproc-dev
libavdevice57
libavformat57
libavcodec-extra
libavformat-dev
libavutil55
libavresample3
libavfilter6
libavcodec57
ffmpeg
libavcodec-dev
libavutil-dev
libav-tools
libavfilter-extra
libswscale-dev
libswresample-dev
libswresample2
libavdevice-dev
Reference:
DSA-3957-1
CVE-2017-9608
CVE-2017-9993
CVE-2017-11399
CVE-2017-11665
CVE-2017-11719
CVE    5
CVE-2017-11399
CVE-2017-11665
CVE-2017-11719
CVE-2017-9993
...
CPE    5
cpe:/o:debian:debian_linux:9.0
cpe:/a:ffmpeg:ffmpeg
cpe:/o:debian:debian_linux:9.x
cpe:/a:ffmpeg:ffmpeg:3.3.2
...

© SecPod Technologies