VDB
GCVE-110-MAGEIA-2014-281
GCVE-110-MAGEIA-2014-281
Advisory Published
A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek
operations on video data could allow remote attackers to cause a denial
of service (CVE-2012-5150).
The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before
1.1.9 does not properly validate a certain bits-per-sample value, which
allows remote attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via crafted TAK (aka
Tom's lossless Audio Kompressor) data (CVE-2014-2097).
libavcodec/wmalosslessdec.c in FFmpeg before 1.1.9 uses an incorrect
data-structure size for certain coefficients, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via crafted WMA data (CVE-2014-2098).
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
1.1.9 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data (CVE-2014-2099).
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg before 1.1.9 allows remote
attackers to have unspecified impact and vectors, which trigger an
out-of-bounds write (CVE-2014-2263).
An integer overflow in LZO decompression in FFmpeg before 1.1.12 allows
remote attackers to have an unspecified impact by embedding compressed
data in a video file (CVE-2014-4610).
This updates provides ffmpeg version 1.1.12, which fixes these issues
and several other bugs which were corrected upstream.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ffmpeg | 0 (affected), 1.1.12-1.mga3 (unaffected), 0 (affected), 1.1.12-1.mga3.tainted (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.