Bug 624978 - media-video/ffmpeg: Multiple vulnerabilities
Summary: media-video/ffmpeg: Multiple vulnerabilities
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2017-07-14 12:00 UTC by Andrey Ovcharov
Modified: 2017-07-14 15:42 UTC

Description Andrey Ovcharov 2017-07-14 12:00:26 UTC
https://nvd.nist.gov/vuln/detail/CVE-2017-7859

"FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c."

https://nvd.nist.gov/vuln/detail/CVE-2017-9991

"Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."

https://nvd.nist.gov/vuln/detail/CVE-2017-9992

"Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."

https://nvd.nist.gov/vuln/detail/CVE-2017-9993

"FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data."

https://nvd.nist.gov/vuln/detail/CVE-2017-9994

"libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions."

https://nvd.nist.gov/vuln/detail/CVE-2017-9995

"libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file."

https://nvd.nist.gov/vuln/detail/CVE-2017-9996

"The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file."
Comment 1 Brian Evans (RETIRED) gentoo-dev 2017-07-14 13:05:04 UTC
All but the first of the list are duplicates of bug 622912.
Comment 2 Agostino Sarubbo gentoo-dev 2017-07-14 15:22:27 UTC
Andrey: if the bug from clusterfuzz contains regressed, it means that it never went in any release
Comment 3 Agostino Sarubbo gentoo-dev 2017-07-14 15:23:21 UTC
* it probably means that the regression was caused during the development and didn't go in any release.