MGASA-2020-0046 - Updated ffmpeg packages fix security vulnerabilities

Publication date: 22 Jan 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-17539,

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.5, which fixes several bugs, and
atleasst the follwing security vulnerabilities:

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL
pointer dereference and possibly unspecified other impact when there is
no valid close function pointer (CVE-2019-17539).

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk
because of an out-of-array access in vqa_decode_init in libavcodec/
vqavideo.c (CVE-2019-17542).


- 7/tainted/ffmpeg-4.1.5-1.mga7.tainted
- 7/core/ffmpeg-4.1.5-1.mga7