{"id":"MGASA-2014-0473","summary":"Updated ffmpeg packages fix security vulnerabilities","details":"A heap-based buffer overflow in the encode_slice function in\nlibavcodec/proresenc_kostya.c in FFmpeg before 1.1.14 can cause a crash,\nallowing a malicious image file to cause a denial of service (CVE-2014-5271).\n\nlibavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an\nunspecified impact via a crafted iff image, which triggers an out-of-bounds\narray access, related to the rgb8 and rgbn formats (CVE-2014-5272).\n","modified":"2026-04-16T01:46:02.132367982Z","published":"2014-11-21T12:44:16Z","upstream":["CVE-2014-5271","CVE-2014-5272"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0473.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14556"},{"type":"WEB","url":"http://git.videolan.org/?p=ffmpeg.git;a=log;h=n1.1.14"},{"type":"WEB","url":"http://ffmpeg.org/olddownload.html"},{"type":"WEB","url":"http://ffmpeg.org/security.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/08/16/6"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.14-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0473.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.14-1.mga3.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0473.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}