PublicDateAtUSN: 2014-11-05
Candidate: CVE-2014-8544
PublicDate: 2014-11-05 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8544
 http://www.ffmpeg.org/security.html
 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
 https://ubuntu.com/security/notices/USN-2534-1
Description:
 libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
 bits-per-pixel fields, which allows remote attackers to cause a denial of
 service (out-of-bounds access) or possibly have unspecified other impact
 via crafted TIFF data.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mplayer:
upstream_mplayer: needs-triage
lucid_mplayer: ignored (reached end-of-life)
precise_mplayer: ignored (reached end-of-life)
precise/esm_mplayer: DNE (precise was needed)
trusty_mplayer: not-affected (uses system ffmpeg)
trusty/esm_mplayer: DNE (trusty was not-affected [uses system ffmpeg])
utopic_mplayer: DNE
vivid_mplayer: DNE
vivid/stable-phone-overlay_mplayer: DNE
vivid/ubuntu-core_mplayer: DNE
wily_mplayer: DNE
xenial_mplayer: not-affected (code not present)
yakkety_mplayer: ignored (reached end-of-life)
zesty_mplayer: ignored (reached end-of-life)
artful_mplayer: ignored (reached end-of-life)
bionic_mplayer: not-affected (code not present)
devel_mplayer: not-affected (code not present)

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
upstream_ffmpeg: needs-triage
lucid_ffmpeg: ignored (reached end-of-life)
precise_ffmpeg: DNE
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
utopic_ffmpeg: DNE
vivid_ffmpeg: not-affected (7:2.5.4-1)
vivid/stable-phone-overlay_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
wily_ffmpeg: not-affected (7:2.5.4-1)
xenial_ffmpeg: not-affected (7:2.5.4-1)
yakkety_ffmpeg: not-affected (7:2.5.4-1)
zesty_ffmpeg: not-affected (7:2.5.4-1)
artful_ffmpeg: not-affected (7:2.5.4-1)
bionic_ffmpeg: not-affected (7:2.5.4-1)
devel_ffmpeg: not-affected (7:2.5.4-1)

Patches_libav:
upstream_libav: released (0.8.17,11.3,10.6,9.18)
lucid_libav: DNE
precise_libav: released (4:0.8.17-0ubuntu0.12.04.1)
precise/esm_libav: DNE (precise was released [4:0.8.17-0ubuntu0.12.04.1])
trusty_libav: released (6:9.18-0ubuntu0.14.04.1)
trusty/esm_libav: DNE (trusty was released [6:9.18-0ubuntu0.14.04.1])
utopic_libav: ignored (reached end-of-life)
vivid_libav: ignored (reached end-of-life)
vivid/stable-phone-overlay_libav: DNE
vivid/ubuntu-core_libav: DNE
wily_libav: DNE
xenial_libav: DNE
yakkety_libav: DNE
zesty_libav: DNE
artful_libav: DNE
bionic_libav: DNE
devel_libav: DNE