CVE-2014-9676

Published: 28 February 2015

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

From the Ubuntu Security Team

It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Notes

Author: tyhicks
Note: from what I can tell, libav 9.0 to 11.1 is affected with upstream git commit eb447d515956b3ce182d9750083131735f00324c introducing the issue

Priority

Medium

Status

Package: ffmpeg (Launchpad, Ubuntu, Debian)

Release    Status
artful     Not vulnerable (7:2.5.4-1)
bionic     Not vulnerable (7:2.5.4-1)
cosmic     Not vulnerable (7:2.5.4-1)
disco      Not vulnerable (7:2.5.4-1)
lucid      Ignored (end of life)
precise    Does not exist
trusty     Does not exist
upstream   Needs triage
utopic     Does not exist
vivid      Not vulnerable (7:2.5.4-1)
wily       Not vulnerable (7:2.5.4-1)
xenial     Not vulnerable (7:2.5.4-1)
yakkety    Not vulnerable (7:2.5.4-1)
zesty      Not vulnerable (7:2.5.4-1)

Patches:
upstream: https://github.com/FFmpeg/FFmpeg/commit/b3f04657368a32a9903406395f865e230b1de348

Package: libav (Launchpad, Ubuntu, Debian)

Release    Status
artful     Does not exist
bionic     Does not exist
cosmic     Does not exist
disco      Does not exist
lucid      Does not exist
precise    Not vulnerable (4:0.8.16-0ubuntu0.12.04.1)
trusty     Released (6:9.20-0ubuntu0.14.04.1+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream   Needs triage
utopic     Ignored (end of life)
vivid      Not vulnerable (6:11.2-1)
wily       Does not exist
xenial     Does not exist
yakkety    Does not exist
zesty      Does not exist

Patches:
upstream: https://git.libav.org/?p=libav.git;a=commitdiff;h=b3f04657368a32a9903406395f865e230b1de348