Overview

File _patchinfo of Package patchinfo.5703

<patchinfo incident="5703">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="1003806">VUL-1: CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785, CVE-2016-7905: ffmpeg: Various vulnerabilities</issue>
  <issue tracker="cve" id="2016-7562"></issue>
  <issue tracker="cve" id="2016-7502"></issue>
  <issue tracker="cve" id="2016-7905"></issue>
  <issue tracker="cve" id="2016-7555"></issue>
  <issue tracker="cve" id="2016-7785"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for ffmpeg</summary>
  <description>This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806)

These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution.

- CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files
- CVE-2016-7502: out-of-bounds array write via incorrect block values
- CVE-2016-7905: null-point-exception when decoding avi files with crafted 'gab2' structs
- CVE-2016-7555: memory leak when decoding avi files with crafted 'strh' struct
- CVE-2016-7785: assert fault via avi files with crafted 'strh' struct</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places