Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:129)
Critical Nessus Plugin ID 76437
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in ffmpeg :
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of mclms arrays, (2) a get_bits(0) in decode_ac_filter, and (3) too many bits in decode_channel_residues(). (CVE-2012-2795).
libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data (CVE-2014-2098).
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data (CVE-2014-2099).
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write (CVE-2014-2263).
A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service (CVE-2012-5150).
An integer overflow can occur when processing any variant of a literal run in the av_lzo1x_decode function (CVE-2014-4609, CVE-2014-4610).
The updated packages have been upgraded to the 0.10.14 version which is not vulnerable to these issues.
SolutionUpdate the affected packages.