CVE-2014-8541
Published: 5 November 2014
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
From the Ubuntu Security Team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable (7:2.5.4-1) |
ffmpeg | cosmic | Not vulnerable (7:2.5.4-1) |
ffmpeg | disco | Not vulnerable (7:2.5.4-1) |
ffmpeg | lucid | Ignored (end of life) |
ffmpeg | precise | Does not exist |
ffmpeg | trusty | Does not exist |
ffmpeg | upstream | Needs triage |
ffmpeg | utopic | Does not exist |
ffmpeg | vivid | Not vulnerable (7:2.5.4-1) |
ffmpeg | wily | Not vulnerable (7:2.5.4-1) |
ffmpeg | xenial | Not vulnerable (7:2.5.4-1) |
ffmpeg | yakkety | Not vulnerable (7:2.5.4-1) |
ffmpeg | zesty | Not vulnerable (7:2.5.4-1) |
ffmpeg | artful | Not vulnerable (7:2.5.4-1) |
libav (Launchpad, Ubuntu, Debian) | artful | Does not exist |
libav | bionic | Does not exist |
libav | cosmic | Does not exist |
libav | disco | Does not exist |
libav | lucid | Does not exist |
libav | precise | Released (4:0.8.17-0ubuntu0.12.04.2) |
libav | upstream | Released (11.2,10.6) |
libav | utopic | Ignored (end of life) |
libav | vivid | Not vulnerable (6:11.2-1) |
libav | wily | Does not exist |
libav | xenial | Does not exist |
libav | yakkety | Does not exist |
libav | zesty | Does not exist |
libav | trusty | Released (6:9.20-0ubuntu0.14.04.1+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
mplayer (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
mplayer | bionic | Not vulnerable (code not present) |
mplayer | cosmic | Not vulnerable (code not present) |
mplayer | disco | Not vulnerable (code not present) |
mplayer | lucid | Ignored (end of life) |
mplayer | precise | Ignored (end of life) |
mplayer | upstream | Needs triage |
mplayer | utopic | Does not exist |
mplayer | vivid | Does not exist |
mplayer | wily | Does not exist |
mplayer | xenial | Not vulnerable (code not present) |
mplayer | yakkety | Ignored (end of life) |
mplayer | zesty | Ignored (end of life) |
mplayer | trusty | Not vulnerable (uses system ffmpeg) |

Patches:
ffmpeg: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
libav: upstream: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550