Bug 9662

Summary: Updated mediainfo packages fix a security vulnerability (CVE-2020-15395)
Product: [ROSA-based products] ROSA Fresh
Reporter: Dmitry Postnikov <pastordidi>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: andrey.bondrov, denis.silakov, m.novosyolov, mc2374, zombie.ryushu
Version: Plasma5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://advisories.mageia.org/MGASA-2021-0134.html
Whiteboard:
Platform: 2016.1
ROSA Vulnerability identifier: CVE-2020-15395
RPM Package: mediainfo-18.12-1.src.rpm
ISO-related:
Bad POT generating:
Upstream:
Attachments: mf1

Description Dmitry Postnikov 2019-01-14 23:39:52 MSK
Created attachment 5098
mf1

mediainfo-gui-wx-18.12 is not localized
Comment 1 Zombie Ryushu 2021-03-22 09:24:54 MSK
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer
over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an
off-by-one during MpegPs parsing) (CVE-2020-15395).
Comment 2 Giovanni Mariani 2021-03-22 14:19:17 MSK
There are also:
CVE-2019-11372
CVE-2019-11373
CVE-2020-26797
Comment 3 Giovanni Mariani 2021-03-22 21:22:17 MSK
Published release 20.09 for 2016.1 and 2019.1.