[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1809-1] libav security update

Package        : libav
Version        : 6:11.12-1~deb8u7
CVE ID         : CVE-2018-15822 CVE-2019-11338

Two more security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library.


    The flv_write_packet function in libavformat/flvenc.c in libav did
    not check for an empty audio packet, leading to an assertion failure.


    libavcodec/hevcdec.c in libav mishandled detection of duplicate first
    slices, which allowed remote attackers to cause a denial of service
    (NULL pointer dereference and out-of-array access) or possibly have
    unspecified other impact via crafted HEVC data.

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your libav packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: PGP signature

Reply to: