SB2017021615 - Buffer overflow in ffmpeg (Alpine package)
Published: February 16, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2017-5024)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=51f6ecf597126eeff628739bc737bfc8385f81c3
- https://git.alpinelinux.org/aports/commit/?id=b6ecf2bd20269e06721a9c5237b79818152cf0d4
- https://git.alpinelinux.org/aports/commit/?id=66ec3a173e1de5dbb3e6bcd50eebea56932c0cf3
- https://git.alpinelinux.org/aports/commit/?id=2d91f66a4add781d7efde18a08bb937f03e6f102