Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian 8: DLA-1611-1 Critical: libav Denial Of Service Issues

debian lts
Calendar Grey December 20, 2018
Dist Debian Esm H88
Important libav security patch addresses multiple vulnerabilities that could cause service disruptions and raise the risk of external code execution.
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library

Summary

CVE-2014-9317

The decode_ihdr_chunk function in libavcodec/pngdec.c allowed remote
attackers to cause a denial of service (out-of-bounds heap access)
and possibly had other unspecified impact via an IDAT before an IHDR
in a PNG file. The issue got addressed by checking IHDR/IDAT order.

CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in libav relies on
a coefficient-partition count during multi-threaded operation, which
allowed remote attackers to cause a denial of service (race condition
and memory corruption) or possibly have unspecified other impact via
a crafted WebM file. This issue has been resolved by using
num_coeff_partitions in thread/buffer setup. The variable is not a
constant and can lead to race conditions.

CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c did not enforce
uniqueness of the IHDR (aka image header) chunk in a PNG image, which

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: libav
Version: 6:11.12-1~deb8u2
CVE ID: CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.