[ MDVSA-2015:173 ] ffmpeg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:173
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated ffmpeg packages fix security vulnerabilities:
 
 The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before
 2.0.4 does not properly validate a certain bits-per-sample value, which
 allows remote attackers to cause a denial of service (out-of-bounds
 array access) or possibly have unspecified other impact via crafted
 TAK (aka Tom's lossless Audio Kompressor) data (CVE-2014-2097).
 
 libavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect
 data-structure size for certain coefficients, which all

007 Software

[ MDVSA-2015:173 ] ffmpeg

Leave a Reply Cancel reply

Software and Security Information