CVE-2014-8541
Published: 5 November 2014
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
From the Ubuntu security team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7:2.5.4-1)
|
| bionic |
Not vulnerable
(7:2.5.4-1)
|
|
| cosmic |
Not vulnerable
(7:2.5.4-1)
|
|
| disco |
Not vulnerable
(7:2.5.4-1)
|
|
| lucid |
Ignored
(reached end-of-life)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Not vulnerable
(7:2.5.4-1)
|
|
| wily |
Not vulnerable
(7:2.5.4-1)
|
|
| xenial |
Not vulnerable
(7:2.5.4-1)
|
|
| yakkety |
Not vulnerable
(7:2.5.4-1)
|
|
| zesty |
Not vulnerable
(7:2.5.4-1)
|
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 |
||
|
libav Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
(precise was released [4:0.8.17-0ubuntu0.12.04.2])
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(11.2,10.6)
|
|
| utopic |
Ignored
(reached end-of-life)
|
|
| vivid |
Not vulnerable
(6:11.2-1)
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550 |
||
|
mplayer Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(code not present)
|
|
| cosmic |
Not vulnerable
(code not present)
|
|
| disco |
Not vulnerable
(code not present)
|
|
| lucid |
Ignored
(reached end-of-life)
|
|
| precise |
Does not exist
(precise was needed)
|
|
| trusty |
Does not exist
(trusty was not-affected [uses system ffmpeg])
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|