From ${URL} :

Description
Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c) can be exploited to trigger an out-of-bounds read memory access.

2) An error within the "format_line()" function (libavutil/log.c) can be exploited to trigger an out-of-bounds read memory access.

3) Some errors within the "split_field_copy()" and "ff_h264_fill_default_ref_list()" functions (libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

Solution: Fixed in the source code repository.

Provided and/or discovered by: The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d9dad6a7cb5d544d540abf941fedbd34c14d2bd
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4d388c0cd05dd4de545e8ea333ab4de7d67ad12d

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
(In reply to Agostino Sarubbo from comment #0)
> 1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c)
> can be exploited to trigger an
> out-of-bounds read memory access.

not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release -> not for us

> 2) An error within the "format_line()" function (libavutil/log.c) can be
> exploited to trigger an
> out-of-bounds read memory access.

seems to have been introduced by http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=148310ca1659e3be95a2e87a8e30d1894a32d6d6
not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release -> not for us

> 3) Some errors within the "split_field_copy()" and
> "ff_h264_fill_default_ref_list()" functions
> (libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

seems valid; fixed only in master atm, need to check why
(In reply to Alexis Ballier from comment #1)
please fix your summary btw, first 2 bugs are not present in <ffmpeg-2 and the 3rd one isn't fixed in 2.0.1 it seems
Since it looks like this bug was not fully addressed, setting the dependency for 548006, stabilization of 2.2.15.
This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).