Debian FFmpeg vulnerabilities
508 known vulnerabilities affecting debian/ffmpeg.
Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213
Vulnerabilities
Page 15 of 26
CVE-2014-4610 | HIGH | CVSS 8.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2014
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1)
bullseye: resolved (fixed in 7:2.4.1-1)
forky: reso
CVE-2014-8547 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3-1)
sid: resolv
CVE-2014-8544 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3-1)
sid
CVE-2014-8543 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
CVE-2014-7937 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.2-1 (bookworm) | 2014
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.
Scope: local
bookworm: resolved (fixed in 7:2.4.2-1)
bullseye: resolved (fixed in 7:2.4.2-1)
forky: resolved (
CVE-2014-9604 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.5.1-1 (bookworm) | 2014
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
Scope: local
bookworm: resolved (fixed in 7:2
CVE-2014-8541 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
CVE-2014-9603 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.5.1-1 (bookworm) | 2014
The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.
Scope: local
bookworm: resolved (fixed in 7:2.5
CVE-2014-9317 | HIGH | CVSS 7.5 | fixed in ffmpeg 2.4.4-1 (bookworm) | 2014
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
Scope: local
bookworm: resolved (fixed in 2.4.4-1)
bullseye: resolved (fixed in 2.4
CVE-2014-7933 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.5.1-1 (bookworm) | 2014
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.
Scope: local
bookworm: resolved (f
CVE-2014-8542 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3
CVE-2014-8545 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
CVE-2014-9318 | HIGH | CVSS 7.5 | fixed in ffmpeg 2.4.4-1 (bookworm) | 2014
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
Scope: local
bookworm: resol
CVE-2014-8548 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3-1)
sid: resol
CVE-2014-8546 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3-1)
sid: resolved (fixed in 7:
CVE-2014-8549 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.3-1 (bookworm) | 2014
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
Scope: local
bookworm: resolved (fixed in 7:2.4.3-1)
bullseye: resolved (fixed in 7:2.4.3-1)
forky: resolved (fixed in 7:2.4.3
CVE-2014-2263 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2014
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1)
bullseye: resolved (fixed in 7:2.4.1-1)
forky: resolved (fixed in 7:2.4.1-1
CVE-2014-5272 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2014
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1)
bullseye: resolved (fixed in 7:2.4.1-1)
forky: reso
CVE-2014-9319 | MEDIUM | CVSS 5.0 | fixed in ffmpeg 2.4.4-1 (bookworm) | 2014
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
Scope: local
bookworm: resolved (fixed in 2.4.4-1)
bullseye: resolved (fixed in 2.4.4-1)
forky: resolved (fixed in 2.4.4-1)
sid: resolved (f
CVE-2014-125018 | LOW | CVSS 5.3 | 2014
CVE-2014-125018 [MEDIUM] CVE-2014-125018: ffmpeg - A vulnerability, which was classified as problematic, has been found in FFmpeg 2...
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trix