[3.3] ffmpeg: heap overflows (CVE-2017-5024, CVE-2017-5025 ++)
CVE-2017-5024 (arbitrary code execution)
A heap overflow flaw was found in FFmpeg.
Fixed in 2.8.11
CVE-2017-5025 (arbitrary code execution)
A heap overflow flaw was found in FFmpeg.
Fixed in 2.8.11
2.8.10
Fixes following vulnerabilities:
CVE-2016-10190,
CVE-2016-10191,
CVE-2016-10192,
2.8.9
Fixes following vulnerabilities:
CVE-2016-7502,
CVE-2016-7785,
CVE-2016-7905,
CVE-2016-7562,
2.8.8
Fixes following vulnerabilities:
CVE-2016-6164,
CVE-2016-6881,
CVE-2016-7122,
CVE-2016-7450,
2.8.6
Fixes following vulnerabilities:
CVE-2016-2213,
CVE-2016-2328,
CVE-2016-2329,
CVE-2016-2330
References:
https://ffmpeg.org/security.html
(from redmine: issue id 6872, created on 2017-02-16, closed on 2017-09-05)
- Relations:
- parent #6868 (closed)
- Changesets:
- Revision b6ecf2bd by Sergei Lukin on 2017-02-22T07:47:26Z:
main/ffmpeg: security upgrade to 2.8.11 - fixes #6872
CVE-2017-5024
CVE-2017-5025
CVE-2016-10190
CVE-2016-10191
CVE-2016-10192
CVE-2016-7502
CVE-2016-7785
CVE-2016-7905
CVE-2016-7562
CVE-2016-6164
CVE-2016-6881
CVE-2016-7122
CVE-2016-7450
CVE-2016-2213
CVE-2016-2328
CVE-2016-2329
CVE-2016-2330