From Secunia at $URL: Description: Multiple vulnerabilities with an unknown impact have been reported in FFmpeg. The vulnerabilities are caused due to unspecified errors. No further information is currently available. The vulnerabilities are reported in versions prior to 0.11.1. Solution: Update to version 0.11.1.
@maintainer: can we stabilize that version?
(In reply to comment #1)
> @maintainer: can we stabilize that version?
err no, it's still masked because some ~arch packages do not build
someone should check the list of all CVEs listed in $URL, this bug is likely a dupe of bug #420305 otherwise, check that ffmpeg-0.10.3 is affected, and if 0.10.4 is (0.10.4 was released _after_ 0.11.1) 0.10.4 is good to go stable
CVE-2012-2804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804): Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.
CVE-2012-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803): Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value.
CVE-2012-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802): Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
CVE-2012-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801): Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes."
CVE-2012-2800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800): Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."
CVE-2012-2799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799): Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."
CVE-2012-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798): Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write."
CVE-2012-2797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797): Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
CVE-2012-2796 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796): Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
CVE-2012-2795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795): Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."
CVE-2012-2794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794): Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
CVE-2012-2793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793): Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros."
CVE-2012-2792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792): Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
CVE-2012-2791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791): Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size."
CVE-2012-2790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790): Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
CVE-2012-2789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789): Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
CVE-2012-2788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788): Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."
CVE-2012-2787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787): Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height."
CVE-2012-2786 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786): Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write."
CVE-2012-2785 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785): Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.
CVE-2012-2784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784): Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.
CVE-2012-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783): Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame."
CVE-2012-2782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782): Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."
CVE-2012-2779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779): Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."
CVE-2012-2777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777): Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.
CVE-2012-2776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776): Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write."
CVE-2012-2775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775): Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."
CVE-2012-2774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774): The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state."
CVE-2012-2772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772): Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading."
I hadn't noticed 0.10.6 had been released...
version 0.10.6:
- many bug fixes that were found with Coverity
- The following CVE fixes were backported: CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776, CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800, CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798, CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790, CVE-2012-2777, CVE-2012-2784
- hundreds of other bug fixes, some possibly security relevant, see the git log for details.
so 0.10.6 should go stable.
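Added example, not part of the thread: one way to cross-check the CVE entries listed above against the backport list in the 0.10.6 release notes, grouping the CVEs the notes do not name by source file so each decoder can be checked by hand in the 0.10 branch. The function names are hypothetical, and the advisory sample is a constructed, shortened subset of the entries in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: five entries shortened from the CVE list in this thread.
ADVISORIES = """\
CVE-2012-2803: Double free in the mpeg_decode_frame function in libavcodec/mpeg12.c
CVE-2012-2799: Unspecified vulnerability in libavcodec/wmalosslessdec.c
CVE-2012-2796: Unspecified vulnerability in vc1_decode_frame in libavcodec/vc1dec.c
CVE-2012-2789: Unspecified vulnerability in avi_read_packet in libavformat/avidec.c
CVE-2012-2785: Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c
"""

# CVE ids named as backported in the 0.10.6 release notes quoted in this thread.
RELEASE_NOTES = (
    "CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776, "
    "CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800, "
    "CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798, "
    "CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790, "
    "CVE-2012-2777, CVE-2012-2784"
)

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
PATH_RE = re.compile(r"\blib\w+/\w+\.c\b")  # e.g. libavcodec/dfa.c


def parse_advisories(text):
    """Map each CVE id at the start of a line to the source files it names."""
    entries = {}
    for line in text.splitlines():
        match = CVE_RE.match(line)
        if match:
            entries[match.group()] = sorted(set(PATH_RE.findall(line)))
    return entries


def unlisted_by_file(advisories, notes):
    """Group CVEs that the release notes do not mention by source file."""
    backported = set(CVE_RE.findall(notes))
    pending = defaultdict(list)
    for cve, files in parse_advisories(advisories).items():
        if cve not in backported:
            # Entries that name no full path still need a manual look.
            for path in files or ["(no file named)"]:
                pending[path].append(cve)
    return {path: sorted(cves) for path, cves in pending.items()}


if __name__ == "__main__":
    for path, cves in sorted(unlisted_by_file(ADVISORIES, RELEASE_NOTES).items()):
        print(f"{path}: {', '.join(cves)}")
```

A CVE missing from the backport list is only a prompt to inspect that file in the older branch; the release notes quoted above do not say whether the affected code exists there.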
(In reply to comment #5)
> so 0.10.6 should go stable.
Did you expect security@ to CC arches or forgot? I bet it's one of these, so CCing them now.
Arches, please test and mark stable:
=media-video/ffmpeg-0.10.6
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
amd64 stable
x86 stable
ppc64 stable
alpha stable
arm stable
ia64 stable
sparc stable
ppc stable
Added to - and updated - existing GLSA draft.
nothing left to do for media-video@
This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).