Candidate: CVE-2014-8545
PublicDate: 2014-11-05 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8545
 http://www.ffmpeg.org/security.html
 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
Description:
 libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black
 format without verifying that the bits-per-pixel value is 1, which allows
 remote attackers to cause a denial of service (out-of-bounds access) or
 possibly have unspecified other impact via crafted PNG data.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mplayer:
upstream_mplayer: needs-triage
lucid_mplayer: ignored (reached end-of-life)
precise_mplayer: ignored (reached end-of-life)
precise/esm_mplayer: DNE (precise was needed)
trusty_mplayer: not-affected (uses system ffmpeg)
trusty/esm_mplayer: DNE (trusty was not-affected [uses system ffmpeg])
utopic_mplayer: DNE
vivid_mplayer: DNE
vivid/stable-phone-overlay_mplayer: DNE
vivid/ubuntu-core_mplayer: DNE
wily_mplayer: DNE
xenial_mplayer: not-affected (code not present)
yakkety_mplayer: ignored (reached end-of-life)
zesty_mplayer: ignored (reached end-of-life)
artful_mplayer: ignored (reached end-of-life)
bionic_mplayer: not-affected (code not present)
devel_mplayer: not-affected (code not present)

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
upstream_ffmpeg: needs-triage
lucid_ffmpeg: ignored (reached end-of-life)
precise_ffmpeg: DNE
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
utopic_ffmpeg: DNE
vivid_ffmpeg: not-affected (7:2.5.4-1)
vivid/stable-phone-overlay_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
wily_ffmpeg: not-affected (7:2.5.4-1)
xenial_ffmpeg: not-affected (7:2.5.4-1)
yakkety_ffmpeg: not-affected (7:2.5.4-1)
zesty_ffmpeg: not-affected (7:2.5.4-1)
artful_ffmpeg: not-affected (7:2.5.4-1)
bionic_ffmpeg: not-affected (7:2.5.4-1)
devel_ffmpeg: not-affected (7:2.5.4-1)