[libav-bugs] [Bug 805] New: CVE-2014-{8544,8546,9316,9318,9319}

bugzilla at aruru.libav.org bugzilla at aruru.libav.org
Mon Jan 19 17:10:36 CET 2015


https://bugzilla.libav.org/show_bug.cgi?id=805

            Bug ID: 805
           Summary: CVE-2014-{8544,8546,9316,9318,9319}
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: general
          Assignee: bugzilla at libav.org
          Reporter: siretart at gmail.com

Forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775593

On 2014-12-20 23:31:11, Michael Gilbert wrote:
> CVE-2014-8544[4]:
> | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
> | bits-per-pixel fields, which allows remote attackers to cause a denial
> | of service (out-of-bounds access) or possibly have unspecified other
> | impact via crafted TIFF data.

> CVE-2014-8546[6]:
> | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
> | allows remote attackers to cause a denial of service (out-of-bounds
> | access) or possibly have unspecified other impact via crafted Cinepak
> | video data.

> CVE-2014-9316[10]:
> | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds heap
> | access) and possibly have other unspecified impact via vectors related
> | to LJIF tags in an MJPEG file.

> CVE-2014-9318[11]:
> | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
> | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
> | cause a denial of service (out-of-bounds heap access) and possibly
> | have other unspecified impact via a crafted .cine file that triggers
> | the avpicture_get_size function to return a negative frame size.

> CVE-2014-9319[12]:
> | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds access)
> | via a crafted .bit file.

> [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
> [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
> [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
> [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
> [12] https://security-tracker.debian.org/tracker/CVE-2014-9319

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20150119/83ce85f6/attachment-0001.html>


More information about the libav-bugs mailing list