[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 464-1] libav security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libav
Version        : 6:0.8.17-2+deb7u1
CVE ID         : CVE-2014-9676

It was discovered that there was a use-after free vulnerability in
libav, a multimedia player, server, encoder and transcoder library.

The seg_write_packet function in libavformat/segment.c in ffmpeg
2.1.4 and earlier does not free the correct memory location, which
allows remote attackers to cause a denial of service ("invalid
memory handler") and possibly execute arbitrary code via a crafted
video that triggers a use after free.

For Debian 7 Wheezy, this issue has been fixed in libav version
6:0.8.17-2+deb7u1.

We recommend that you upgrade your libav packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXMcClAAoJEB6VPifUMR5YdpYQAJGMflcjdlOJYPdkuJ2CMjnW
DBSEJKU6i0sJFSel7oEqCiHlWmbDgEPpLbuFKWRydR4WgV7sTHrv+CdrUlT1I4zM
ur6O6Hj7TTGQKW/YVSQJ9M6DqeIiD8ugnvjUb3+vPKBrdnsNwX5bg+nhWQxfXibX
OmYCOrxooIUKj27T3m/gHzxsWfQvhunb7xg5H5X+UIgc8GbxUkucB+Tx+naUu/kK
xgYo8Kj24sIKdxnoL0B79ceo2jBFiqmeRU85u1TSdM+MCRYJWSiozhOo6u+Dzmdb
AhZnNDxdXZBvIdn+7Ic6UnowCYVWaFzZrfbzz2IpeMsRLV87hy04O8LNCjVXmH2b
opLMM2D6UtnQyOulHWNtDk2Oym6vzdsrcWHyHS5ymL3s3+xKo78/BFPR2i/qPdTT
YHd7cy2OIO87I6EuMMfldNbYjbGrjQQkV/V58TDt2LoSrT1VJm5vxgw7EHFFRssU
CX5f2aNjVImqNtBI9/GDM5bEbvUVbDMIoC77BIu9RT9Drcud3UHZF84KpRgUbwZ7
E4LjOgLLdTRafT/4hrrznkO3Euyqx1XCd0B/U/fE8+B16qHdy0x8PjDZhqlwqs8K
fa5ZjplEDPolnfLb/VKm38JRNA8bw8bqnILfuZZ/1ao0AcoFZhd326SQtnBayxG7
FM+kxU5SAjF4jfE+6Dmi
=jF3L
-----END PGP SIGNATURE-----


Reply to: