SB2017021202 - Arch Linux update for ffmpeg

Security Bulletin ID SB2017021202

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2017-5024)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

2) Buffer overflow (CVE-ID: CVE-2017-5025)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-201702-10