Bug#872517: ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed libav
Luciano Bello
luciano at debian.org
Fri Aug 18 02:46:03 UTC 2017
Package: ffmpeg
X-Debbugs-CC: team at security.debian.org secure-testing-
team at lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for libav (which is embed in
ffmpeg).
CVE-2017-7206[0]:
| The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read) or obtain sensitive information from process memory via a
| crafted h264 video file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7206
Please adjust the affected versions in the BTS as needed.
More information about the pkg-multimedia-maintainers
mailing list