CVE-2014-8541
Published: 05 November 2014
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
From the Ubuntu security team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(7:2.5.4-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(7:2.5.4-1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 |
||
|
libav Launchpad, Ubuntu, Debian |
Upstream |
Released
(11.2,10.6)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
|
Patches: Upstream: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550 |
||
|
mplayer Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code not present)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code not present)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system ffmpeg])
|
|