ffmpeg: multiple vulnerabilities

Package(s): ffmpeg
CVE #(s): CVE-2013-3671 CVE-2013-3672 CVE-2013-3673 CVE-2013-3674
Created: June 27, 2013
Updated: July 3, 2013
Description:

From the Mageia advisory:

* CVE-2013-3671: The format_line function in log.c in libavutil uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.

* CVE-2013-3672: The mm_decode_inter function in mmvideo.c in libavcodec does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

* CVE-2013-3673: The gif_decode_frame function in gifdec.c in libavcodec does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.

* CVE-2013-3674: The cdg_decode_frame function in cdgraphics.c in libavcodec does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

Alerts:
Mageia MGASA-2013-0182 2013-06-26

Copyright © 2013, Eklektix, Inc.