SUSE Package Hub - openSUSE-2016-1203

Update Info

openSUSE-2016-1203

Security update for ffmpeg

Type: security

Severity: moderate

Issued: 2016-10-18

Description:

This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806)

These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution.

- CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files
- CVE-2016-7502: out-of-bounds array write via incorrect block values
- CVE-2016-7905: null-point-exception when decoding avi files with crafted 'gab2' structs
- CVE-2016-7555: memory leak when decoding avi files with crafted 'strh' struct
- CVE-2016-7785: assert fault via avi files with crafted 'strh' struct

References

CVE: CVE-2016-7905
CVE: CVE-2016-7785
CVE: CVE-2016-7562
CVE: CVE-2016-7555
CVE: CVE-2016-7502
Bugzilla: 1003806 VUL-1: CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785, CVE-2016-7905: ffmpeg: Various vulnerabilities

Packages

ffmpeg-2.8.8-6.1