Описание
Security update for ffmpeg
This update to ffmpeg 2.8.3 fixes the following security issues:
- CVE-2015-8363: Check for duplicate SIZ marker / asan_heap-oob [boo#957114]
- CVE-2015-8364: Check image dimensions / integer overflow [boo#957115]
- CVE-2015-8365: out of array access / asan_heap-oob [boo#957116]
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2370-1
- SUSE Security Ratings
Описание
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.
Затронутые продукты
Ссылки
- CVE-2015-8363
- SUSE Bug 957114
Описание
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.
Затронутые продукты
Ссылки
- CVE-2015-8364
- SUSE Bug 957115
Описание
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.
Затронутые продукты
Ссылки
- CVE-2015-8365
- SUSE Bug 957116