UbuntuUpdates.org

Package "ffmpeg"

Name: ffmpeg

Description:

Multimedia player, server, encoder and transcoder (transitional package)

Latest version: 4:0.8.17-0ubuntu0.12.04.2
Release: precise (12.04)
Level: updates
Repository: main
Head package: libav
Homepage: http://libav.org/

Other versions of "ffmpeg" in Precise

Repository Area Version
base main 4:0.8.1-0ubuntu1
security main 4:0.8.17-0ubuntu0.12.04.2

Changelog

Version: 4:0.8.17-0ubuntu0.12.04.2 2016-04-04 20:07:00 UTC

  libav (4:0.8.17-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: invalid memory access via crafted MJPEG data
    - debian/patches/CVE-2014-8541.patch: check for pixel format changes in
      libavcodec/mjpegdec.c.
    - CVE-2014-8541
  * SECURITY UPDATE: out of array access in ff_mjpeg_decode_sof
    - debian/patches/CVE-2015-1872.patch: check number of components in
      libavcodec/mjpegdec.c.
    - CVE-2015-1872
  * SECURITY UPDATE: out of bounds array access in msrle_decode_pal4
    - debian/patches/CVE-2015-3395.patch: determine frame size in
      libavcodec/msrledec.c.
    - CVE-2015-3395
  * SECURITY UPDATE: size issue in ff_h263_decode_picture_header
    - debian/patches/CVE-2015-5479.patch: check both dimensions in
      libavcodec/ituh263dec.c.
    - CVE-2015-5479
  * SECURITY UPDATE: out of bounds array access in decode_ihdr_chunk
    - debian/patches/CVE-2015-6818.patch: only allow one IHDR chunk in
      libavcodec/pngdec.c.
    - CVE-2015-6818
  * SECURITY UPDATE: out of bounds array access in ff_sbr_apply
    - debian/patches/CVE-2015-6820.patch: check that the element type
      matches in libavcodec/aacsbr.c, libavcodec/sbr.h.
    - CVE-2015-6820
  * SECURITY UPDATE: uninitialized memory access in sws_init_context
    - debian/patches/CVE-2015-6824.patch: clear buffers in
      libswscale/utils.c
    - CVE-2015-6824
  * SECURITY UPDATE: invalid pointer use in ff_rv34_decode_init_thread_copy
    - debian/patches/CVE-2015-6826.patch: clear pointers in
      libavcodec/rv34.c.
    - CVE-2015-6826
  * SECURITY UPDATE: integer overflow in ff_ivi_init_planes
    - debian/patches/CVE-2015-8364.patch: check image dimensions in
      libavcodec/ivi_common.c.
    - CVE-2015-8364
  * SECURITY UPDATE: out of bounds array access in smka_decode_frame
    - debian/patches/CVE-2015-8365.patch: validate data size in
      libavcodec/smacker.c.
    - CVE-2015-8365
  * SECURITY UPDATE: cross-origin attack and arbitrary file read via the
    concat protocol
    - debian/confflags: disable concat protocol.
    - CVE-2016-1897
    - CVE-2016-1898
  * SECURITY UPDATE: integer overflow in asf_write_packet
    - debian/patches/CVE-2016-2326.patch: check pts in
      libavformat/asfenc.c.
    - CVE-2016-2326
  * SECURITY UPDATE: out of bounds array access via tga file
    - debian/patches/CVE-2016-2330.patch: fix lzw buffer size in
      libavcodec/gif.c.
    - CVE-2016-2330

 -- Marc Deslauriers <email address hidden> Fri, 01 Apr 2016 08:30:13 -0400

CVE-2014-8541 libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an im
CVE-2015-1872 The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Fra
CVE-2015-3395 The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4
CVE-2015-6818 The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PN
CVE-2015-6820 The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with
CVE-2015-6824 The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote at
CVE-2015-6826 The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows
CVE-2015-8364 Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows re
CVE-2015-8365 The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the d
CVE-2016-1897 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (H
CVE-2016-1898 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (
CVE-2016-2326 Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service
CVE-2016-2330 libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of

Version: 4:0.8.17-0ubuntu0.12.04.1 2015-03-17 15:07:10 UTC

  libav (4:0.8.17-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.17 to fix multiple security issues (LP: #1432610)
    - CVE-2014-8542
    - CVE-2014-8543
    - CVE-2014-8544
    - CVE-2014-8547
    - CVE-2014-8548
    - CVE-2014-9604
 -- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 08:10:23 -0400

1432610 Libav security fixes March 2015
CVE-2014-8542 libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial o
CVE-2014-8543 libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote at
CVE-2014-8544 libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service
CVE-2014-8547 libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-o
CVE-2014-8548 Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly h
CVE-2014-9604 libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of

Version: 4:0.8.16-0ubuntu0.12.04.1 2014-09-17 14:06:44 UTC

  libav (4:0.8.16-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.16 to fix multiple security issues (LP: #1370175)
  * debian/patches/fix_ftbfs_ff_get_buffer.patch: dropped, no longer
    needed.
  * debian/patches/04-ffmpeg-warning-change.patch: dropped, no longer
    needed.
 -- Marc Deslauriers <email address hidden> Tue, 16 Sep 2014 13:15:21 -0400

1370175 Libav security fixes Sept 2014

Version: 4:0.8.15-0ubuntu0.12.04.1 2014-08-11 14:06:40 UTC

  libav (4:0.8.15-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.15 to fix multiple security issues (LP: #1354755)
  * debian/patches/fix_ftbfs_ff_get_buffer.patch: Add more missing
    #includes for ff_get_buffer() to fix ftbfs.
 -- Marc Deslauriers <email address hidden> Sun, 10 Aug 2014 09:59:10 -0400

1354755 Libav security fixes Aug 2014

Version: 4:0.8.13-0ubuntu0.12.04.1 2014-07-15 20:06:33 UTC

  libav (4:0.8.13-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.13 to fix multiple security issues (LP: #1341216)
 -- Marc Deslauriers <email address hidden> Tue, 15 Jul 2014 07:24:55 -0400

1341216 Libav security fixes Jul 2014


