Описание
Security update for ffmpeg
This update to ffmpeg 2.8.4 fixes the following issues:
- CVE-2015-8661: Denial of service via crafted .mov file [boo#960385]
- CVE-2015-8662: Denial of service via crafted JPEG 2000 data [boo#960384]
- CVE-2015-8663: Denial of service via crafted H.264 data [boo#960383]
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0089-1
- SUSE Security Ratings
Описание
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.
Затронутые продукты
Ссылки
- CVE-2015-8661
- SUSE Bug 960385
Описание
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
Затронутые продукты
Ссылки
- CVE-2015-8662
- SUSE Bug 960384
Описание
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.
Затронутые продукты
Ссылки
- CVE-2015-8663
- SUSE Bug 960383