ALT Linux Team

Package mediainfo update in sisyphus on 2020-08-20

ALT-PU-2020-2638-1

Package mediainfo updated to version 20.08-alt1 for branch sisyphus in task 256514.

Closed vulnerabilities

Published: 2020-06-30
Modified: 2024-11-21

CVE-2020-15395

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-03-18
Modified: 2024-11-21

CVE-2020-26797

Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top