Debian alert DLA-2021-1 (libav)
From: Sylvain Beucler <beuc@beuc.net>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2021-1] libav security update
Date: Thu, 5 Dec 2019 19:48:56 +0100
Message-ID: <20191205184856.bp25oy77v7jdovdv@mail.beuc.net>

Package : libav
Version : 6:11.12-1~deb8u9
CVE ID  : CVE-2017-17127 CVE-2017-18245 CVE-2018-19128 CVE-2018-19130
          CVE-2019-14443 CVE-2019-17542

Several security issues were fixed in libav, a multimedia library for processing audio and video files.

CVE-2017-17127

    The vc1_decode_frame function in libavcodec/vc1dec.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. CVE-2018-19130 is a duplicate of this vulnerability.

CVE-2017-18245

    The mpc8_probe function in libavformat/mpc8.c allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file on 32-bit systems.

CVE-2018-19128

    Heap-based buffer over-read in decode_frame in libavcodec/lcldec.c allows an attacker to cause denial-of-service via a crafted avi file.

CVE-2019-14443

    Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVE-2019-17542

    Heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

For Debian 8 "Jessie", these problems have been fixed in version 6:11.12-1~deb8u9.

We recommend that you upgrade your libav packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
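
Added example (not part of the advisory): the fixed version 6:11.12-1~deb8u9 carries an epoch and a tilde, so a plain string comparison misjudges which hosts are patched. This Python sketch follows dpkg's version ordering to test a reported version against the fix; the function names are hypothetical and the inputs in the comments are constructed.

```python
import re

FIXED = "6:11.12-1~deb8u9"  # fixed version stated in the advisory for Debian 8
DIGITS = "0123456789"

def _order(c):
    """dpkg character weight: '~' < end-or-digit < letters < other symbols."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _nondigit(s, i):
    """s[i] if it is a non-digit, else '' (a digit or the end of the string)."""
    return s[i] if i < len(s) and s[i] not in DIGITS else ""

def _cmp_part(a, b):
    """Compare two upstream or revision strings: text runs, then numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            ca, cb = _nondigit(a, i), _nondigit(b, j)
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1  # equal weights imply both sides had a character
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _parse(v):
    """Split '[epoch:]upstream[-revision]'; a missing epoch counts as 0."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _parse(v1), _parse(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(installed):
    """True if the installed libav version is at or beyond the advisory's fix."""
    return deb_compare(installed, FIXED) >= 0
```

On a Debian host, `dpkg --compare-versions <installed> ge 6:11.12-1~deb8u9` performs the same comparison.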