package: src:libav severity: grave version: 6:0.8.5-1 Hi, the following vulnerabilities were published for libav. These are currently unfixed in 0.8.5-1.
CVE-2013-0894[0]: | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the | Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, | as used in Google Chrome before 25.0.1364.97 on Windows and Linux and | before 25.0.1364.99 on Mac OS X and other products, allows remote | attackers to cause a denial of service (divide-by-zero error or | out-of-bounds array access) or possibly have unspecified other impact | via vectors involving a zero value for a bark map size. CVE-2013-2277[1]: | The ff_h264_decode_seq_parameter_set function in h264_ps.c in | libavcodec in FFmpeg before 1.1.3 does not validate the relationship | between luma depth and chroma depth, which allows remote attackers to | cause a denial of service (out-of-bounds array access and application | crash) or possibly have unspecified other impact via crafted H.264 | data. CVE-2013-2495[2]: | The iff_read_header function in iff.c in libavformat in FFmpeg through | 1.1.3 does not properly handle data sizes for Interchange File Format | (IFF) data during operations involving a CMAP chunk or a video codec, | which allows remote attackers to cause a denial of service (integer | overflow, out-of-bounds array access, and application crash) or | possibly have unspecified other impact via a crafted header. CVE-2013-2496[3]: | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in | FFmpeg through 1.1.3 does not properly determine certain end pointers, | which allows remote attackers to cause a denial of service | (out-of-bounds array access and application crash) or possibly have | unspecified other impact via crafted Microsoft RLE data. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894 http://security-tracker.debian.org/tracker/CVE-2013-0894 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277 http://security-tracker.debian.org/tracker/CVE-2013-2277 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495 http://security-tracker.debian.org/tracker/CVE-2013-2495 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2496 http://security-tracker.debian.org/tracker/CVE-2013-2496 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
