CVE-2014-9676
Publication date 28 February 2015
Last updated 24 July 2024
Ubuntu priority
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.
From the Ubuntu Security Team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ffmpeg | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| libav | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 6:9.20-0ubuntu0.14.04.1+esm1
|
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
tyhicks
from what I can tell, libav 9.0 to 11.1 is affected with upstream git commit eb447d515956b3ce182d9750083131735f00324c introducing the issue