| Summary: | <media-libs/xvid-1.2.2: Arbitrary code execution, other impact (CVE-2009-{0893,0894}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jaak, media-video |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.xvid.org/Downloads.43.0.html | | |
| Whiteboard: | B2 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 211652, 222477, 231805 | | |
Description
Robert Buchholz (RETIRED)
2009-05-29 16:01:33 UTC
Issue 1: resync marker range check
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.80.2.1&view=patch

Issue 2: RGB24 access violation
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/image/image.c?r1=1.43&r2=1.43.2.1

Issue 3: dshow xvidcore XVID_ERR_MEMORY return code
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/dshow/src/CXvidDecoder.cpp?r1=1.16&r2=1.17&view=patch

*xvid-1.2.2 (29 May 2009)

  29 May 2009; Samuli Suominen <ssuominen@gentoo.org> +xvid-1.2.2.ebuild:
  Version bump for security #271786, thanks to Robert Buchholz.

(In reply to comment #2)
> *xvid-1.2.2 (29 May 2009)
>
>   29 May 2009; Samuli Suominen <ssuominen@gentoo.org> +xvid-1.2.2.ebuild:
>   Version bump for security #271786, thanks to Robert Buchholz.
>

Sorry, I've fixed execstacks as well.

*xvid-1.2.2-r1 (29 May 2009)

  29 May 2009; Samuli Suominen <ssuominen@gentoo.org> -xvid-1.2.1.ebuild,
  -xvid-1.2.2.ebuild, +xvid-1.2.2-r1.ebuild,
  +files/xvid-1.2.2-no_execstacks.patch:
  Fix execstacks wrt #258804, thanks to en.ABCD at gmail.org.

Test this instead.

Arches, please test and mark stable:
=media-libs/xvid-1.2.2-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Commented out the no_execstacks patch, it wasn't working properly after all. So, 1.2.2-r1 is basically the same as 1.2.2. As in, vanilla xvid. Please do proceed, reopened bug 258804.

ppc64 done

ppc done

Stable for HPPA.

amd64/x86 stable

alpha/arm/ia64/sparc stable

CVE-2009-0893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0893):
Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions.

CVE-2009-0894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0894):
Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.

<media-libs/xvid-1.2.2-r1 is no longer in portage. This issue has been fixed since Jun 02, 2009. No GLSA will be issued.
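The "missing resync marker range check" named in the CVE-2009-0893 text above, shown as an added C example that is not xvid's own code and not part of this bug's comments. A video packet header carries a macroblock number whose field is only wide enough to encode mb_count - 1, so for a frame whose macroblock count is not a power of two the field can also encode numbers that do not exist; a decoder that indexes its heap-allocated macroblock array with that number and no range check writes out of bounds at a stream-controlled offset. The bit reader, the `decoder` and `macroblock` structs, `mb_num_bits`, `mb_num_in_range`, `decode_video_packet`, `run_packet` and the one-byte packets are all constructed for this example; `log2bin` is modelled on the shape of xvid's helper of that name, and the quant field width is an assumption made to keep the packet small.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal MSB-first bit reader, constructed for this example (not xvid's
 * BitstreamGetBits). Reads past the end of the buffer yield zero bits instead
 * of touching memory outside it. */
typedef struct {
    const uint8_t *buf;
    size_t len;     /* bytes */
    size_t pos;     /* bit position */
} bitreader;

static uint32_t get_bits(bitreader *br, unsigned n)
{
    uint32_t v = 0;
    while (n-- > 0) {
        unsigned bit = 0;
        if (br->pos < br->len * 8)
            bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u;
        br->pos++;
        v = (v << 1) | bit;
    }
    return v;
}

/* Number of bits needed to hold value (0 for value == 0), modelled on xvid's
 * log2bin helper. */
static unsigned log2bin(uint32_t value)
{
    unsigned n = 0;
    while (value) {
        value >>= 1;
        n++;
    }
    return n;
}

typedef struct { int quant; } macroblock;   /* stand-in for the real per-MB state */

typedef struct {
    uint32_t mb_width;
    uint32_t mb_height;
    macroblock *mbs;    /* heap array of exactly mb_width * mb_height entries */
} decoder;

/* Width of the macroblock_number field in a video packet header: just enough
 * bits to encode mb_count - 1. When mb_count is not a power of two the field
 * can also carry values >= mb_count, and a crafted stream simply uses them. */
static unsigned mb_num_bits(const decoder *dec)
{
    return log2bin(dec->mb_width * dec->mb_height - 1);
}

/* The range check that the pre-1.2.2 decoder lacked. */
static int mb_num_in_range(const decoder *dec, uint32_t mb_num)
{
    return mb_num < dec->mb_width * dec->mb_height;
}

/* Hardened resync handling: read the macroblock number, reject the packet if it
 * names a macroblock that does not exist, and only then touch mbs[]. The
 * vulnerable code path did the equivalent of dec->mbs[mb_num].quant = ... with
 * no check, i.e. a heap write at a stream-controlled index.
 * Returns 0 on success (and stores the macroblock number), -1 if rejected. */
static int decode_video_packet(decoder *dec, bitreader *br, uint32_t *mb_num_out)
{
    uint32_t mb_num = get_bits(br, mb_num_bits(dec));
    if (!mb_num_in_range(dec, mb_num))
        return -1;
    uint32_t x = mb_num % dec->mb_width;
    uint32_t y = mb_num / dec->mb_width;
    dec->mbs[y * dec->mb_width + x].quant = (int)get_bits(br, 5);  /* assumed 5-bit quant field */
    if (mb_num_out)
        *mb_num_out = mb_num;
    return 0;
}

/* Set up a w x h macroblock frame, feed one constructed packet payload and
 * return the decoded quant (0..31), -1 if the packet was rejected, -2 on
 * bad geometry or allocation failure. */
static int run_packet(uint32_t w, uint32_t h, const uint8_t *payload, size_t len)
{
    if (w == 0 || h == 0)
        return -2;
    decoder dec = { w, h, calloc((size_t)w * h, sizeof(macroblock)) };
    if (!dec.mbs)
        return -2;
    bitreader br = { payload, len, 0 };
    uint32_t mb_num = 0;
    int result = decode_video_packet(&dec, &br, &mb_num);
    if (result == 0)
        result = dec.mbs[mb_num].quant;
    free(dec.mbs);
    return result;
}

int main(void)
{
    /* Constructed 3x2 frame: 6 macroblocks, mb_num_bits = log2bin(5) = 3, so the
     * field can encode 6 and 7 although only macroblocks 0..5 exist. */
    static const uint8_t good[] = { 0xB0 };  /* 101 10000 -> mb_num 5, quant 16 */
    static const uint8_t bad[]  = { 0xF0 };  /* 111 10000 -> mb_num 7, out of range */

    int r_good = run_packet(3, 2, good, sizeof good);
    int r_bad  = run_packet(3, 2, bad, sizeof bad);
    printf("in-range packet: result=%d (quant stored in mbs[5])\n", r_good);
    printf("crafted packet : result=%d (rejected before mbs[] is indexed)\n", r_bad);
    return 0;
}
```

The check belongs at the point where the macroblock number is read, before any coordinate arithmetic: computing `x` and `y` from an out-of-range number and clamping only one of them still leaves the other coordinate attacker-controlled, so the predicate compares against the full macroblock count rather than against either dimension alone.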