[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3957-1 ffmpeg -- ffmpeg

ID: oval:org.secpod.oval:def:603081Date: (C)2017-09-05   (M)2018-03-28
Class: PATCHFamily: unix




Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafted MOV file. CVE-2017-9993 Thierry Foucu discovered that it was possible to leak information from files and symlinks ending in common multimedia extensions, using the HTTP Live Streaming. CVE-2017-11399 Liu Bingchang of IIE discovered an integer overflow in the APE decoder that can be triggered by a crafted APE file. CVE-2017-11665 JunDong Xie of Ant-financial Light-Year Security Lab discovered that an attacker able to craft a RTMP stream can crash FFmpeg. CVE-2017-11719 Liu Bingchang of IIE discovered an out-of-bound access that can be triggered by a crafted DNxHD file.

Platform:
Debian 9.x
Product:
ffmpeg
Reference:
DSA-3957-1
CVE-2017-9608
CVE-2017-9993
CVE-2017-11399
CVE-2017-11665
CVE-2017-11719
CVE    5
CVE-2017-9608
CVE-2017-11719
CVE-2017-11399
CVE-2017-9993
...
CPE    30
cpe:/a:ffmpeg:ffmpeg
cpe:/a:ffmpeg:ffmpeg:3.0
cpe:/a:ffmpeg:ffmpeg:3.1.8
cpe:/a:ffmpeg:ffmpeg:3.0.7
...

© SecPod Technologies