SB2014090302 - Buffer overflow in ffmpeg (Alpine package)
Published: September 3, 2014
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2014-5272)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
libavcodec/iff.c in FFmpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted IFF image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5da3fcd40ac752ff0dc0d3e73f2d1b055dfeb4cc
- https://git.alpinelinux.org/aports/commit/?id=b8346d08b59afe9645d7b046b91cc3b763076624
- https://git.alpinelinux.org/aports/commit/?id=5868f7fa0541a030450a30cdcbbd3aef2b0ac7b1
- https://git.alpinelinux.org/aports/commit/?id=2788d43f90cf45108b248000198cc2011524477a