{"affected":[{"ecosystem_specific":{"binaries":[{"ffmpeg":"2.8.8-6.1","ffmpeg-devel":"2.8.8-6.1","libavcodec-devel":"2.8.8-6.1","libavcodec56":"2.8.8-6.1","libavdevice-devel":"2.8.8-6.1","libavdevice56":"2.8.8-6.1","libavfilter-devel":"2.8.8-6.1","libavfilter5":"2.8.8-6.1","libavformat-devel":"2.8.8-6.1","libavformat56":"2.8.8-6.1","libavresample-devel":"2.8.8-6.1","libavresample2":"2.8.8-6.1","libavutil-devel":"2.8.8-6.1","libavutil54":"2.8.8-6.1","libpostproc-devel":"2.8.8-6.1","libpostproc53":"2.8.8-6.1","libswresample-devel":"2.8.8-6.1","libswresample1":"2.8.8-6.1","libswscale-devel":"2.8.8-6.1","libswscale3":"2.8.8-6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP1","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.8-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806)\n\nThese vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution.\n\n- CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files\n- CVE-2016-7502: out-of-bounds array write via incorrect block values\n- CVE-2016-7905: null-point-exception when decoding avi files with crafted 'gab2' structs\n- CVE-2016-7555: memory leak when decoding avi files with crafted 'strh' struct\n- CVE-2016-7785: assert fault via avi files with crafted 'strh' struct","id":"openSUSE-SU-2016:2560-1","modified":"2016-10-18T08:52:34Z","published":"2016-10-18T08:52:34Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1003806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7555"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7562"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7905"}],"related":["CVE-2016-7502","CVE-2016-7555","CVE-2016-7562","CVE-2016-7785","CVE-2016-7905"],"summary":"Security update for ffmpeg","upstream":["CVE-2016-7502","CVE-2016-7555","CVE-2016-7562","CVE-2016-7785","CVE-2016-7905"]}