Bugzilla – Bug 1034176
VUL-0: CVE-2017-7866: ffmpeg: stack-based buffer overflow (decode_zbuf function in libavcodec/pngdec.c)
Last modified: 2021-09-11 02:35:28 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7866 ==================================================== Description FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. Source: MITRE Last Modified: 04/14/2017 ==================================================== Hyperlink: [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444 [2] https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264 (open-)SUSE: https://software.opensuse.org/package/ffmpeg 3.2.4 (TW, 42.2, official repo) 2.8.8 (42.1, official repo)
This is an autogenerated message for OBS integration: This bug (1034176) was mentioned in https://build.opensuse.org/request/show/489106 42.2 / ffmpeg
This is an autogenerated message for OBS integration: This bug (1034176) was mentioned in https://build.opensuse.org/request/show/489155 42.1 / ffmpeg
openSUSE-SU-2017:1121-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 1022920,1022921,1022922,1034176,1034177,1034179,1034181,1034183 CVE References: CVE-2016-10190,CVE-2016-10191,CVE-2016-10192,CVE-2017-7859,CVE-2017-7862,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: openSUSE Leap 42.2 (src): ffmpeg-3.3-6.6.1
openSUSE-SU-2017:1433-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1015120,1022920,1022921,1022922,1034176,1034177,1034179 CVE References: CVE-2016-10190,CVE-2016-10191,CVE-2016-10192,CVE-2016-9561,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: openSUSE Leap 42.2 (src): ffmpeg2-2.8.11-25.3.1
openSUSE-SU-2017:1532-1: An update that solves 6 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1015120,1022921,1022922,1034176,1034177,1034179,980542 CVE References: CVE-2016-10191,CVE-2016-10192,CVE-2016-9561,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): ffmpeg2-2.8.11-12.1
released
openSUSE-SU-2017:2502-1: An update that solves 20 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1015120,1022920,1022921,1022922,1034176,1034177,1034179,1046211,1049095,1056760,1056761,1056762,1056763,1056765,1056766,1057536,1057537,1057539,1058018,1058019,1058020 CVE References: CVE-2016-10190,CVE-2016-10191,CVE-2016-10192,CVE-2016-9561,CVE-2017-11399,CVE-2017-14054,CVE-2017-14055,CVE-2017-14056,CVE-2017-14057,CVE-2017-14058,CVE-2017-14059,CVE-2017-14169,CVE-2017-14170,CVE-2017-14171,CVE-2017-14222,CVE-2017-14223,CVE-2017-14225,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: openSUSE Leap 42.3 (src): ffmpeg-3.3.4-7.1, ffmpeg2-2.8.13-32.1, lame-3.99.5-2.1, twolame-0.3.13-2.1
This is an autogenerated message for OBS integration: This bug (1034176) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq