*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.5.7 fixing a number of crashes and other potentially security relevant 
issues was released.
From the upstream Changelog:

version 2.5.7
- avformat/nutdec: Fix recovery when immediately after seeking a failure happens
- nutdec: fix memleaks on error in nut_read_header
- rtpenc_jpeg: handle case of picture dimensions not dividing by 8
- avformat/mov: Fix parsing short loci
- avcodec/shorten: Fix code depending on signed overflow behavior
- avcodec/proresdec2: Reset slice_count on deallocation
- ffmpeg_opt: Fix -timestamp parsing
- hevc: make avcodec_decode_video2() fail if get_format() fails
- avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
- swr: fix alignment issue caused by 8ch sse functions
- libswscale/x86/hscale_fast_bilinear_simd.c: Include BX in the clobber list on 
x86_64, because it isn't implicitly included when PIC is on.
- aacdec: don't return frames without data
- avformat/matroskadec: Cleanup error handling for bz2 & zlib
- avformat/nutdec: Fix use of uninitialized value
- tools/graph2dot: use larger data types than int for array/string sizes
- id3v2: catch avio_read errors in check_tag
- aacsbr: break infinite loop in sbr_hf_calc_npatches
- diracdec: avoid overflow of bytes*8 in decode_lowdelay
- diracdec: prevent overflow in data_unit_size check
- avidec: avoid infinite loop due to negative ast->sample_size
- pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
- avcodec/wavpack: Check L/R values before use to avoid harmless integer 
overflow and undefined behavior in fate
- xcbgrab: Validate the capture area
- xcbgrab: Do not assume the non shm image data is always available
- avfilter/lavfutils: disable frame threads when decoding a single image
- nutdec: fix illegal count check in decode_main_header
- ffmpeg: remove incorrect network deinit
- OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
- apedec: set s->samples only when init_frame_decoder succeeded
- swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete 
macro GET_VF()
- libvpxenc: only set noise reduction w/vp8
- tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
- alac: reject rice_limit 0 if compression is used
- alsdec: only adapt order for positive max_order
- alsdec: check sample pointer range in revert_channel_correlation
- tests: drop bc dependency
- fate: Include branch information in the payload header

** Affects: ffmpeg (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1458171

Title:
  FFmpeg security fixes May 2015

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1458171/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
