Package "libav-doc"
Name: |
libav-doc
|
Description: |
Documentation of the Libav API
|
Latest version: |
4:0.8.17-0ubuntu0.12.04.2 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
libav |
Homepage: |
http://libav.org/ |
Links
Download "libav-doc"
Other versions of "libav-doc" in Precise
Changelog
libav (4:0.8.17-0ubuntu0.12.04.2) precise-security; urgency=medium
* SECURITY UPDATE: invalid memory access via crafted MJPEG data
- debian/patches/CVE-2014-8541.patch: check for pixel format changes in
libavcodec/mjpegdec.c.
- CVE-2014-8541
* SECURITY UPDATE: out of array access in ff_mjpeg_decode_sof
- debian/patches/CVE-2015-1872.patch: check number of components in
libavcodec/mjpegdec.c.
- CVE-2015-1872
* SECURITY UPDATE: out of bounds array access in msrle_decode_pal4
- debian/patches/CVE-2015-3395.patch: determine frame size in
libavcodec/msrledec.c.
- CVE-2015-3395
* SECURITY UPDATE: size issue in ff_h263_decode_picture_header
- debian/patches/CVE-2015-5479.patch: check both dimensions in
libavcodec/ituh263dec.c.
- CVE-2015-5479
* SECURITY UPDATE: out of bounds array access in decode_ihdr_chunk
- debian/patches/CVE-2015-6818.patch: only allow one IHDR chunk in
libavcodec/pngdec.c.
- CVE-2015-6818
* SECURITY UPDATE: out of bounds array access in ff_sbr_apply
- debian/patches/CVE-2015-6820.patch: check that the element type
matches in libavcodec/aacsbr.c, libavcodec/sbr.h.
- CVE-2015-6820
* SECURITY UPDATE: uninitialized memory access in sws_init_context
- debian/patches/CVE-2015-6824.patch: clear buffers in
libswscale/utils.c
- CVE-2015-6824
* SECURITY UPDATE: invalid pointer use in ff_rv34_decode_init_thread_copy
- debian/patches/CVE-2015-6826.patch: clear pointers in
libavcodec/rv34.c.
- CVE-2015-6826
* SECURITY UPDATE: integer overflow in ff_ivi_init_planes
- debian/patches/CVE-2015-8364.patch: check image dimensions in
libavcodec/ivi_common.c.
- CVE-2015-8364
* SECURITY UPDATE: out of bounds array access in smka_decode_frame
- debian/patches/CVE-2015-8365.patch: validate data size in
libavcodec/smacker.c.
- CVE-2015-8365
* SECURITY UPDATE: cross-origin attack and arbitrary file read via the
concat protocol
- debian/confflags: disable concat protocol.
- CVE-2016-1897
- CVE-2016-1898
* SECURITY UPDATE: integer overflow in asf_write_packet
- debian/patches/CVE-2016-2326.patch: check pts in
libavformat/asfenc.c.
- CVE-2016-2326
* SECURITY UPDATE: out of bounds array access via tga file
- debian/patches/CVE-2016-2330.patch: fix lzw buffer size in
libavcodec/gif.c.
- CVE-2016-2330
-- Marc Deslauriers <email address hidden> Fri, 01 Apr 2016 08:30:13 -0400
|
Source diff to previous version |
CVE-2014-8541 |
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an im |
CVE-2015-1872 |
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Fra |
CVE-2015-3395 |
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4 |
CVE-2015-6818 |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PN |
CVE-2015-6820 |
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with |
CVE-2015-6824 |
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote at |
CVE-2015-6826 |
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows |
CVE-2015-8364 |
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows re |
CVE-2015-8365 |
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the d |
CVE-2016-1897 |
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (H |
CVE-2016-1898 |
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming ( |
CVE-2016-2326 |
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service |
CVE-2016-2330 |
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of |
|
libav (4:0.8.17-0ubuntu0.12.04.1) precise-security; urgency=medium
* Update to 0.8.17 to fix multiple security issues (LP: #1432610)
- CVE-2014-8542
- CVE-2014-8543
- CVE-2014-8544
- CVE-2014-8547
- CVE-2014-8548
- CVE-2014-9604
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 08:10:23 -0400
|
Source diff to previous version |
1432610 |
Libav security fixes March 2015 |
CVE-2014-8542 |
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial o |
CVE-2014-8543 |
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote at |
CVE-2014-8544 |
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service |
CVE-2014-8547 |
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-o |
CVE-2014-8548 |
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly h |
CVE-2014-9604 |
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of |
|
libav (4:0.8.16-0ubuntu0.12.04.1) precise-security; urgency=medium
* Update to 0.8.16 to fix multiple security issues (LP: #1370175)
* debian/patches/fix_ftbfs_ff_get_buffer.patch: dropped, no longer
needed.
* debian/patches/04-ffmpeg-warning-change.patch: dropped, no longer
needed.
-- Marc Deslauriers <email address hidden> Tue, 16 Sep 2014 13:15:21 -0400
|
Source diff to previous version |
1370175 |
Libav security fixes Sept 2014 |
|
libav (4:0.8.15-0ubuntu0.12.04.1) precise-security; urgency=medium
* Update to 0.8.15 to fix multiple security issues (LP: #1354755)
* debian/patches/fix_ftbfs_ff_get_buffer.patch: Add more missing
#includes for ff_get_buffer() to fix ftbfs.
-- Marc Deslauriers <email address hidden> Sun, 10 Aug 2014 09:59:10 -0400
|
Source diff to previous version |
1354755 |
Libav security fixes Aug 2014 |
|
libav (4:0.8.13-0ubuntu0.12.04.1) precise-security; urgency=medium
* Update to 0.8.13 to fix multiple security issues (LP: #1341216)
-- Marc Deslauriers <email address hidden> Tue, 15 Jul 2014 07:24:55 -0400
|
1341216 |
Libav security fixes Jul 2014 |
|
About
-
Send Feedback to @ubuntu_updates