Description Quality Assurance 2019-02-04 08:24:54 CET

New Debian libav 6:11.12-1~deb8u5 fixes:
This update addresses the following issues:
* libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during  enforcement of alignment, which allows remote attackers to cause a denial  of service (out-of-bounds access) or possibly have unspecified other impact  via crafted JV data. (CVE-2014-8542)
* Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome  41.0.2251.0 allows remote attackers to cause a denial of service (memory  corruption and crash) via a crafted .m4a file. (CVE-2015-1207)
* FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based  buffer overflow related to the decode_frame_common function in  libavcodec/pngdec.c. (CVE-2017-7863)
* FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based  buffer overflow related to the ipvideo_decode_block_opcode_0xA function in  libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in  libavcodec/utils.c. (CVE-2017-7865)
* In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg  3.3.3, an integer signedness error might occur when a crafted file, which  claims a large "item_num" field such as 0xffffffff, is provided. As a  result, the variable "item_num" turns negative, bypassing the check for a  large value. (CVE-2017-14169)
* In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in  asf_build_simple_index() due to lack of an EOF (End of File) check might  cause huge CPU consumption. When a crafted ASF file, which claims a large  "ict" field in the header but does not contain sufficient backing data, is  provided, the for loop would consume huge CPU and memory resources, since  there is no EOF check inside the loop. (CVE-2017-14223)