397893 – (CVE-2011-3893) <media-video/ffmpeg-0.10.2: multiple vulnerabilities (CVE-2011-{3893,3895,4579},CVE-2012-{0849,0855})

Bug 397893 (CVE-2011-3893) - <media-video/ffmpeg-0.10.2: multiple vulnerabilities (CVE-2011-{3893,3895,4579},CVE-2012-{0849,0855})

Summary: <media-video/ffmpeg-0.10.2: multiple vulnerabilities (CVE-2011-{3893,3895,457...

Status:	RESOLVED FIXED

Alias:	CVE-2011-3893

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://secunia.com/advisories/47383/
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	ffmpeg-0.10
Blocks:
	Show dependency tree

Reported:	2012-01-06 13:15 UTC by Alexis Ballier
Modified:	2013-10-25 19:11 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexis Ballier gentoo-dev

2012-01-06 13:15:51 UTC

from ffmpeg.org:
We have made a new point release, (0.9.1). It contains many bug and security fixes, amongth them CVE-2011-3893 and CVE-2011-3895.

(those are chrome CVE's but it seems the culprit was ffmpeg, didnt check if those were not fixed in 0.7.8 for example)

Comment 1 Agostino Sarubbo gentoo-dev

2012-01-06 14:08:45 UTC

@Alexis, 0.9.1 is ready to stabilize?

Comment 2 Alexis Ballier gentoo-dev

2012-01-06 14:10:55 UTC

(In reply to comment #1)
> @Alexis, 0.9.1 is ready to stabilize?

id like to, but see bug #394809 comment 4 (and followers)

Comment 3 Alexis Ballier gentoo-dev

2012-01-06 14:19:18 UTC

(In reply to comment #2)
> (In reply to comment #1)
> > @Alexis, 0.9.1 is ready to stabilize?
> 
> id like to, but see bug #394809 comment 4 (and followers)

iow: nothing moved, so my vote would be to cc arches and let them do the tinderbox run. i've asked diego for a tinderbox run prior to unmasking ffmpeg 0.8, didnt get it, you can see in that bug that there were no reply either for 0.9. even arch teams didnt move for rekeywording >=0.8, which bug was opened 1.5 months ago. if noone takes action, this can remain as such for a couple more months i think.

Comment 4 Sean Amoss (RETIRED) gentoo-dev

2012-05-13 23:10:02 UTC

Thanks, everyone. Added to existing GLSA request.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2012-08-24 22:06:52 UTC

CVE-2011-4579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4579):
  The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec
  in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and
  0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and
  0.7.x before 0.7.3 allows remote attackers to cause a denial of service
  (memory corruption) via a crafted SVQ1 stream, related to "dimensions
  changed."

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2012-09-08 15:35:01 UTC

CVE-2012-0855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0855):
  Heap-based buffer overflow in the get_sot function in the J2K decoder
  (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to
  cause a denial of service (application crash) via unspecified vectors
  related to the curtileno variable.

CVE-2012-0849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0849):
  Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in
  FFmpeg before 0.9.1 allows remote attackers to cause a denial of service
  (segmentation fault and application crash) via a crafted JPEG2000 image that
  triggers an incorrect check for a negative value.

Comment 7 Alexis Ballier gentoo-dev

2013-08-14 21:15:12 UTC

nothing left to do for media-video@

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2013-10-25 19:11:42 UTC

This issue was resolved and addressed in
 GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml
by GLSA coordinator Sean Amoss (ackle).