VDB
GCVE-110-MAGEIA-2015-233
GCVE-110-MAGEIA-2015-233
Advisory Published
Updated avidemux packages fix security vulnerabilities:
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before
1.2.11 allows remote attackers to cause a denial of service (out-of-bounds
heap access) and possibly have other unspecified impact via vectors related
to LJIF tags in an MJPEG file (CVE-2014-9316).
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 1.2.11
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).
The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 1.2.11 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).
libavcodec/utvideodec.c in FFmpeg before 1.2.11 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).
An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).
Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 1.2.11 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).
Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg
version has been updated from 1.2.10 to 1.2.12 to fix these security issues
and other bugs fixed upstream in FFmpeg.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | avidemux | 0 (affected), 0 (affected), 2.6.6-2.3.mga4.tainted (unaffected), 2.6.6-2.3.mga4 (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.