Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 397893 (CVE-2011-3893)

Summary: <media-video/ffmpeg-0.10.2: multiple vulnerabilities (CVE-2011-{3893,3895,4579},CVE-2012-{0849,0855})
Product: Gentoo Security Reporter: Alexis Ballier <aballier>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/47383/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 395379    
Bug Blocks:    

Description Alexis Ballier gentoo-dev 2012-01-06 13:15:51 UTC 
from ffmpeg.org:
We have made a new point release, (0.9.1). It contains many bug and security fixes, amongth them CVE-2011-3893 and CVE-2011-3895.

(those are chrome CVE's but it seems the culprit was ffmpeg, didnt check if those were not fixed in 0.7.8 for example)
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-06 14:08:45 UTC 
@Alexis, 0.9.1 is ready to stabilize?
Comment 2 Alexis Ballier gentoo-dev 2012-01-06 14:10:55 UTC 
(In reply to comment #1)
> @Alexis, 0.9.1 is ready to stabilize?

id like to, but see bug #394809 comment 4 (and followers)
Comment 3 Alexis Ballier gentoo-dev 2012-01-06 14:19:18 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > @Alexis, 0.9.1 is ready to stabilize?
> 
> id like to, but see bug #394809 comment 4 (and followers)

iow: nothing moved, so my vote would be to cc arches and let them do the tinderbox run. i've asked diego for a tinderbox run prior to unmasking ffmpeg 0.8, didnt get it, you can see in that bug that there were no reply either for 0.9. even arch teams didnt move for rekeywording >=0.8, which bug was opened 1.5 months ago. if noone takes action, this can remain as such for a couple more months i think.
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-05-13 23:10:02 UTC 
Thanks, everyone. Added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-08-24 22:06:52 UTC 
CVE-2011-4579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4579):
  The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec
  in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and
  0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and
  0.7.x before 0.7.3 allows remote attackers to cause a denial of service
  (memory corruption) via a crafted SVQ1 stream, related to "dimensions
  changed."
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:35:01 UTC 
CVE-2012-0855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0855):
  Heap-based buffer overflow in the get_sot function in the J2K decoder
  (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to
  cause a denial of service (application crash) via unspecified vectors
  related to the curtileno variable.

CVE-2012-0849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0849):
  Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in
  FFmpeg before 0.9.1 allows remote attackers to cause a denial of service
  (segmentation fault and application crash) via a crafted JPEG2000 image that
  triggers an incorrect check for a negative value.
Comment 7 Alexis Ballier gentoo-dev 2013-08-14 21:15:12 UTC 
nothing left to do for media-video@
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:11:42 UTC 
This issue was resolved and addressed in
 GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml
by GLSA coordinator Sean Amoss (ackle).