SB2014071602 - Integer overflow in ffmpeg (Alpine package)
Published: July 16, 2014
Security Bulletin ID
SB2014071602
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2014-4609)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=7d04d396a73884bae251805a075aa4935a9e7dce
- https://git.alpinelinux.org/aports/commit/?id=561ba4a7d8002837f3b1eed6237aa38f4e855d29
- https://git.alpinelinux.org/aports/commit/?id=e980dbf9d79570c62415db12b0983a59f510d9b6
- https://git.alpinelinux.org/aports/commit/?id=c89f952d67205ff1b4b524508134e783f234b066