Debian 9: DLA-1850-1 Moderate: libav Security Vulnerabilities Found
debian lts
March 30, 2019
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library
Topics Covered
Summary
CVE-2015-1872
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c did not
validate the number of components in a JPEG-LS Start Of Frame
segment, which allowed remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other
impact via crafted Motion JPEG data.
CVE-2017-14058
The read_data function in libavformat/hls.c did not restrict reload
attempts for an insufficient list, which allowed remote attackers to
cause a denial of service (infinite loop).
CVE-2017-1000460
In get_last_needed_nal() (libavformat/h264.c) the return value of
init_get_bits was ignored and get_ue_golomb(&gb) was called on an
uninitialized get_bits context, which caused a NULL deref exception.
CVE-2018-6392
The filter_slice function in libavfilter/vf_transpose.c allowed
remote attackers to cause a denial of service (out-of-array access)
via a crafted MP4 file.
CVE-2018-1999012
PREVIOUS
NEXT
<pre><font face="Courier">Package: libav
Version: 6:11.12-1~deb8u6
CVE ID: CVE-2015-1872 CVE-2017-14058 CVE-2017-1000460 CVE-2018-6392
Debian Bug:
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!