USN-4859-1: MediaInfoLib vulnerabilities
15 March 2021
MediaInfoLib could be made to crash if it opened a specially crafted file.
Releases
Packages
- libmediainfo - library reading metadata from media files
Details
It was discovered that MediaInfoLib contained multiple security issues when
handling certain multimedia files. If a user were tricked into opening a
crafted multimedia file, an attacker could cause MediaInfoLib to crash,
resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
python-mediainfodll
-
0.7.82-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python3-mediainfodll
-
0.7.82-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libmediainfo0v5
-
0.7.82-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
python-mediainfodll
-
0.7.67-2ubuntu1+esm1
Available with Ubuntu Pro
-
python3-mediainfodll
-
0.7.67-2ubuntu1+esm1
Available with Ubuntu Pro
-
libmediainfo0
-
0.7.67-2ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3988-1: libmediainfo-dev, libmediainfo0v5, libmediainfo-doc, libmediainfo, python3-mediainfodll, python-mediainfodll