Bug 485228 - <media-video/ffmpeg-2.2.12: Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54857/
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2015-3395
Blocks:
Reported: 2013-09-17 19:01 UTC by Agostino Sarubbo
Modified: 2016-03-12 11:20 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2013-09-17 19:01:35 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people 
to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) An error within the "avpriv_dv_produce_packet()" function (libavformat/dv.c) can be exploited to 
trigger an out-of-bounds memory read access and subsequently cause a crash.

2) An error within the "smacker_decode_header_tree()" function (libavcodec/smacker.c) can be 
exploited to trigger an out-of-bounds memory access.

3) An integer overflow error within the "smacker_read_packet()" function (libavformat/smacker.c) 
can be exploited to cause a heap-based buffer overflow.

4) An error exists within the "cin_read_frame_header()" function (libavformat/dsicin.c).

5) An error within the "g2m_load_cursor()" function (libavcodec/g2meet.c) can be exploited to 
corrupt memory.

6) An integer overflow error within the "mpc8_parse_seektable()" function (libavformat/mpc8.c) can 
be exploited to cause a heap-based buffer overflow.

7) A boundary error within the "decode_frame()" function (libavcodec/zmbv.c) can be exploited to 
cause a memory corruption.

8) An error within the "decode_wave_header()" function (libavcodec/shorten.c) can be exploited to 
cause a crash.

Successful exploitation of vulnerabilities #3, #4, #5, #6, and #7 may allow execution of arbitrary 
code.


Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ee191cab0dc44700f26c5784e2adeb6a779651b
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=710b0e27025948b7511821c2f888ff2d74a59e14
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=48d6556dd46d4f4fac10d0f4a819e314887cd50e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b1e469885362febce3d9a4678624e44a92f77da9
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=459f2b393a3f89ed08d10fbceb4738d1429f268e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0d61f260010707f3028b818e8b24598e1a83d696
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b26742cc308552f242ee2bf93b07a3ff509f4edc


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Alexis Ballier gentoo-dev 2015-02-15 10:50:46 UTC
those fixes should be in 2.2.12; having CVE references would help for being sure
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 13:25:11 UTC
Since 1.1.X and 1.2.X are no longer maintained and 2.2.14 is being stabilized, but higher version without bugs is 2.2.15. Once stabilized we can clean up 1.1.x and 1.2.x

Setting dependency on: 548006
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:20:25 UTC
This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).