libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
http://www.ffmpeg.org/security.html
http://www.ubuntu.com/usn/USN-2534-1
https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html
OR
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* versions up to 2.4.1 (inclusive)
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
121622 | Debian DLA-1654-1 : libav security update | Nessus | Debian Local Security Checks | high |
89899 | GLSA-201603-06 : FFmpeg: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
83940 | FreeBSD : ffmpeg -- multiple vulnerabilities (65b14d39-d01f-419c-b0b8-5df60b929973) | Nessus | FreeBSD Local Security Checks | high |
82449 | Mandriva Linux Security Advisory : ffmpeg (MDVSA-2015:173) | Nessus | Mandriva Local Security Checks | high |
81910 | Ubuntu 12.04 LTS : libav vulnerabilities (USN-2534-1) | Nessus | Ubuntu Local Security Checks | high |