Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 482862 (CVE-2013-2276)

Summary: media-video/ffmpeg: Multiple vulnerabilities (CVE-2013-{2276,2277,2495,2496})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa/cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-08-29 01:32:29 UTC 
CVE-2013-2496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2496):
  The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg
  through 1.1.3 does not properly determine certain end pointers, which allows
  remote attackers to cause a denial of service (out-of-bounds array access
  and application crash) or possibly have unspecified other impact via crafted
  Microsoft RLE data.

CVE-2013-2495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2495):
  The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3
  does not properly handle data sizes for Interchange File Format (IFF) data
  during operations involving a CMAP chunk or a video codec, which allows
  remote attackers to cause a denial of service (integer overflow,
  out-of-bounds array access, and application crash) or possibly have
  unspecified other impact via a crafted header.

CVE-2013-2277 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2277):
  The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in
  FFmpeg before 1.1.3 does not validate the relationship between luma depth
  and chroma depth, which allows remote attackers to cause a denial of service
  (out-of-bounds array access and application crash) or possibly have
  unspecified other impact via crafted H.264 data.

CVE-2013-2276 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2276):
  The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before
  1.1.3 does not verify the decoding state before proceeding with certain skip
  operations, which allows remote attackers to cause a denial of service
  (out-of-bounds array access and application crash) or possibly have
  unspecified other impact via crafted audio data.


I couldn't find these in any bug, but for that matter I'm not sure if they're relevant. @maintainers: does this affect 1.0.7?
Comment 1 Alexis Ballier gentoo-dev 2015-02-15 10:53:46 UTC 
http://ffmpeg.org/security.html lists 1.1.3 and 1.1.4 as fixing these; current stable 1.2.6 is thus unaffected
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-02-15 13:50:25 UTC 
With the verification, going to cleanup directly. Two version needs cleanup:
1.0.10, 0.10.15
Maintainer(s),  Please drop the vulnerable versions.

Security please vote on GLSA. 
GLSA Vote: No
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-15 14:58:03 UTC 
GLSA Vote: No

Marking noglsa
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-03-10 02:14:54 UTC 
Maintainer(s), please drop the vulnerable version(s).
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 13:29:00 UTC 
Maintainer(s), please drop the vulnerable version(s).
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-08-04 15:34:46 UTC 
Maintainer(s), Thank you for you for cleanup.

Thank you all. Closing as noglsa.