[3.4] ffmpeg: heap overflows (CVE-2017-5024, CVE-2017-5025 ++)
CVE-2017-5024 (arbitrary code execution)
A heap overflow flaw was found in FFmpeg
Fixed in 3.0.7
CVE-2017-5025 (arbitrary code execution)
A heap overflow flaw was found in FFmpeg
Fixed in 3.0.7
3.0.5
Fixes following vulnerabilities:
CVE-2016-10190,
CVE-2016-10191,
CVE-2016-10192,
3.0.4
Fixes following vulnerabilities:
CVE-2016-5199,
CVE-2016-7450,
CVE-2016-7502,
CVE-2016-7555,
CVE-2016-7562,
CVE-2016-7785,
CVE-2016-7905,
3.0.3
Fixes following vulnerabilities:
CVE-2016-6164,
CVE-2016-6881,
CVE-2016-7122,
References:
https://ffmpeg.org/security.html
(from redmine: issue id 6871, created on 2017-02-16, closed on 2017-09-05)
- Relations:
- parent #6868 (closed)
- Changesets:
- Revision 2d91f66a by Sergei Lukin on 2017-02-21T08:10:40Z:
main/ffmpeg: security upgrade to 3.0.7 - fixes #6871
3.0.7 fixes:
CVE-2017-5024
CVE-2017-5025
3.0.5 fixes:
CVE-2016-10190
CVE-2016-10191
CVE-2016-10192
3.0.4 fixes:
CVE-2016-5199
CVE-2016-7450
CVE-2016-7502
CVE-2016-7555
CVE-2016-7562
CVE-2016-7785
CVE-2016-7905
3.0.3 fixes:
CVE-2016-6164
CVE-2016-6881
CVE-2016-7122