Bugzilla – Bug 960383
VUL-0: CVE-2015-8663: ffmpeg: The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4preserves width and height v...
Last modified: 2018-07-18 14:43:34 UTC
CVE-2015-8663 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8663 http://www.cvedetails.com/cve/CVE-2015-8663/ http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
bugbot adjusting priority
Thanks, update is running. The following contains a diff: osc rdiff multimedia:libs/ffmpeg openSUSE:Maintenance:4481/ffmpeg.openSUSE_Leap_42.1_Update -BuildRequires: pkgconfig(librtmp) Assuming this is intentional.
librtmp is still local to multimedia:libs only, and not present in 42.1 or TW.
Releasing update
openSUSE-SU-2016:0089-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 960383,960384,960385 CVE References: CVE-2015-8661,CVE-2015-8662,CVE-2015-8663 Sources used: openSUSE Leap 42.1 (src): ffmpeg-2.8.4-9.1
This is an autogenerated message for OBS integration: This bug (960383) was mentioned in https://build.opensuse.org/request/show/354498 42.1 / ffmpeg
This is an autogenerated message for OBS integration: This bug (960383) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq