Bug 493452 - <media-video/ffmpeg-2.0.1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/55946/
Whiteboard: B2 [glsa+]
Reported: 2013-12-06 15:33 UTC by Agostino Sarubbo
Modified: 2016-03-12 11:20 UTC
Description Agostino Sarubbo gentoo-dev 2013-12-06 15:33:25 UTC
From ${URL} :

Description

Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c) can be exploited to trigger an out-of-bounds read memory access.

2) An error within the "format_line()" function (libavutil/log.c) can be exploited to trigger an out-of-bounds read memory access.

3) Some errors within the "split_field_copy()" and "ff_h264_fill_default_ref_list()" functions (libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

Successful exploitation of this vulnerability may allow execution of arbitrary code.


Solution:
Fixed in the source code repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d9dad6a7cb5d544d540abf941fedbd34c14d2bd
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4d388c0cd05dd4de545e8ea333ab4de7d67ad12d


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Alexis Ballier gentoo-dev 2014-01-09 10:09:23 UTC
(In reply to Agostino Sarubbo from comment #0)
> 1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c)
> can be exploited to trigger an 
> out-of-bounds read memory access.

not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release

-> not for us

> 2) An error within the "format_line()" function (libavutil/log.c) can be
> exploited to trigger an 
> out-of-bounds read memory access.

seems to have been introduced by http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=148310ca1659e3be95a2e87a8e30d1894a32d6d6

not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release

-> not for us

> 3) Some errors within the "split_field_copy()" and
> "ff_h264_fill_default_ref_list()" functions 
> (libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

seems valid; fixed only in master atm, need to check why
Comment 2 Alexis Ballier gentoo-dev 2014-01-09 10:10:23 UTC
(In reply to Alexis Ballier from comment #1)

please fix your summary btw, first 2 bugs are not present in <ffmpeg-2 and 3rd one isn't fixed in 2.0.1 it seems
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 13:15:05 UTC
Since it looks like this bug was not fully addressed, setting the dependency for 548006, stabilization of 2.2.15
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:20:56 UTC
This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).