
Mageia 9: 2024-0283 Critical: FFmpeg Buffer Overflow Remote Attack

mageia
September 9, 2024
Updated ffmpeg packages for Mageia 9 fix two heap-based buffer overflows that can be triggered remotely. See the security announcement for full details.

Summary

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (CVE-2024-7055)

A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. (CVE-2024-7272)

References

- https://bugs.mageia.org/show_bug.cgi?id=33524

- https://www.cve.org/CVERecord?id=CVE-2024-7055

- https://www.cve.org/CVERecord?id=CVE-2024-7272

Resolution

SRPMS

- 9/core/ffmpeg-5.1.6-1.mga9

- 9/tainted/ffmpeg-5.1.6-1.mga9.tainted

Severity
critical

Publication date: 09 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0283.html
Type: security
CVE: CVE-2024-7055, CVE-2024-7272
