Описание
Security update for libav
This update for libav fixes the two following security issues:
- CVE-2016-3062: A MP4 memory corruption was fixed that could lead to crashes or code execution. (boo#984487)
- CVE-2015-5479: A crash due to a divide by zero was fixed in ff_h263_decode_mba() that could lead to decoder crashes. (boo#949760)
Список пакетов
openSUSE Leap 42.1
libav-11.4-5.1
libav-tools-11.4-5.1
libavcodec-libav-devel-11.4-5.1
libavcodec-libav56-11.4-5.1
libavdevice-libav-devel-11.4-5.1
libavdevice-libav55-11.4-5.1
libavfilter-libav-devel-11.4-5.1
libavfilter-libav5-11.4-5.1
libavformat-libav-devel-11.4-5.1
libavformat-libav56-11.4-5.1
libavresample-libav-devel-11.4-5.1
libavresample-libav2-11.4-5.1
libavutil-libav-devel-11.4-5.1
libavutil-libav54-11.4-5.1
libswscale-libav-devel-11.4-5.1
libswscale-libav3-11.4-5.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1685-1
- SUSE Security Ratings
Описание
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Затронутые продукты
openSUSE Leap 42.1:libav-11.4-5.1
openSUSE Leap 42.1:libav-tools-11.4-5.1
openSUSE Leap 42.1:libavcodec-libav-devel-11.4-5.1
openSUSE Leap 42.1:libavcodec-libav56-11.4-5.1
Ссылки
- CVE-2015-5479
- SUSE Bug 949760
Описание
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
Затронутые продукты
openSUSE Leap 42.1:libav-11.4-5.1
openSUSE Leap 42.1:libav-tools-11.4-5.1
openSUSE Leap 42.1:libavcodec-libav-devel-11.4-5.1
openSUSE Leap 42.1:libavcodec-libav56-11.4-5.1
Ссылки
- CVE-2016-3062
- SUSE Bug 984487