Bug#872517: ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed libav

Luciano Bello luciano at debian.org
Fri Aug 18 02:46:03 UTC 2017


Package: ffmpeg
X-Debbugs-CC: team at security.debian.org secure-testing-
team at lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for libav (which is embed in 
ffmpeg).

CVE-2017-7206[0]:
| The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read) or obtain sensitive information from process memory via a
| crafted h264 video file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7206

Please adjust the affected versions in the BTS as needed.



More information about the pkg-multimedia-maintainers mailing list