| Summary: | <media-video/ffmpeg-0.10.6 : multiple vulnerabilities (CVE-2012-{2772,2774,2775,2776,2777,2779,2782,2783,2784,2785,2786,2787,2788,2789,2790,2791,2792,2793,2794,2795,2796,2797,2798,2799,2800,2801,2802,2803,2804}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mrueg |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/50468/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
@maintainer: can we stabilize that version?

(In reply to comment #1)
> @maintainer: can we stabilize that version?

err no it's still masked because some ~arch packages do not build

someone should check the list of all CVEs listed in $URL, this bug is likely a dupe of bug #420305

otherwise, check that ffmpeg-0.10.3 is affected, and if 0.10.4 is (0.10.4 was released _after_ 0.11.1)

0.10.4 is good to go stable

CVE-2012-2804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804): Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

CVE-2012-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803): Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value.

CVE-2012-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802): Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

CVE-2012-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801): Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes."

CVE-2012-2800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800): Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."

CVE-2012-2799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799): Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."

CVE-2012-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798): Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write."

CVE-2012-2797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797): Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

CVE-2012-2796 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796): Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

CVE-2012-2795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795): Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."

CVE-2012-2794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794): Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."

CVE-2012-2793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793): Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros."

CVE-2012-2792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792): Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.

CVE-2012-2791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791): Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size."

CVE-2012-2790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790): Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."

CVE-2012-2789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789): Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).

CVE-2012-2788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788): Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

CVE-2012-2787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787): Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height."

CVE-2012-2786 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786): Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write."

CVE-2012-2785 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785): Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.

CVE-2012-2784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784): Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.

CVE-2012-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783): Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame."

CVE-2012-2782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782): Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."

CVE-2012-2779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779): Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."

CVE-2012-2777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777): Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.

CVE-2012-2776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776): Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write."

CVE-2012-2775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775): Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."

CVE-2012-2774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774): The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state."

CVE-2012-2772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772): Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading."

I hadn't noticed 0.10.6 had been released...

version 0.10.6:

- many bug fixes that were found with Coverity
- The following CVE fixes were backported: CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776, CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800, CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798, CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790, CVE-2012-2777, CVE-2012-2784
- hundreds of other bug fixes, some possibly security relevant, see the git log for details.

so 0.10.6 should go stable.

(In reply to comment #5)
> so 0.10.6 should go stable.

Did you expect security@ to CC arches or forgot? I bet it's one of these, so CCing them now.

Arches, please test and mark stable:

=media-video/ffmpeg-0.10.6

Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

ppc64 stable

alpha stable

arm stable

ia64 stable

sparc stable

ppc stable

Added to - and updated - existing GLSA draft.

nothing left to do for media-video@

This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).