Bug 494038

Summary: <media-video/ffmpeg-2.1: Multiple vulnerabilities (CVE-2013-{7008,7009,7010,7011,7012,7013,7014,7015,7016,7017,7018,7019,7020,7021,7022,7023,7024})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: media-video, uwelk
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 14:55:35 UTC
CVE-2013-7024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024):
  The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg
  before 2.1 does not consider the component number in certain calculations,
  which allows remote attackers to cause a denial of service (out-of-bounds
  array access) or possibly have unspecified other impact via crafted JPEG2000
  data.

CVE-2013-7023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023):
  The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1
  does not properly handle certain memory-allocation errors, which allows
  remote attackers to cause a denial of service (out-of-bounds array access)
  or possibly have unspecified other impact via crafted data.

CVE-2013-7022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022):
  The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1
  does not properly allocate memory for tiles, which allows remote attackers
  to cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted Go2Webinar data.

CVE-2013-7021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021):
  The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does
  not properly ensure the availability of FIFO content, which allows remote
  attackers to cause a denial of service (double free) or possibly have
  unspecified other impact via crafted data.

CVE-2013-7020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020):
  The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does
  not properly enforce certain bit-count and colorspace constraints, which
  allows remote attackers to cause a denial of service (out-of-bounds array
  access) or possibly have unspecified other impact via crafted FFV1 data.

CVE-2013-7019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019):
  The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not properly validate the reduction factor, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018):
  libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of
  valid code-block dimension values, which allows remote attackers to cause a
  denial of service (out-of-bounds array access) or possibly have unspecified
  other impact via crafted JPEG2000 data.

CVE-2013-7017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017):
  libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause
  a denial of service (invalid pointer dereference) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016):
  The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not ensure the expected sample separation, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015):
  The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before
  2.1 does not properly validate a certain height value, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Flash Screen Video data.

CVE-2013-7014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014):
  Integer signedness error in the add_bytes_l2_c function in
  libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a
  denial of service (out-of-bounds array access) or possibly have unspecified
  other impact via crafted PNG data.

CVE-2013-7013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013):
  The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1
  uses an incorrect ordering of arithmetic operations, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Go2Webinar data.

CVE-2013-7012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012):
  The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not prevent attempts to use non-zero image offsets, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted JPEG2000 data.

CVE-2013-7011 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011):
  The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does
  not prevent changes to global parameters, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted FFV1 data.

CVE-2013-7010 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010):
  Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before
  2.1 allow remote attackers to cause a denial of service (out-of-bounds array
  access) or possibly have unspecified other impact via crafted data.

CVE-2013-7009 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009):
  The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1
  does not properly maintain a pointer to pixel data, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Apple RPZA data.

CVE-2013-7008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008):
  The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1
  incorrectly relies on a certain droppable field, which allows remote
  attackers to cause a denial of service (deadlock) or possibly have
  unspecified other impact via crafted H.264 data.


Please note that this does affect all current stable versions, including the 0.10 slot. @maintainers: what are your plans for FFmpeg 2 going unmasked and stable?
Comment 1 piruthiviraj natarajan 2013-12-23 16:20:08 UTC
Why is it still masked?

Any particular reason?
Comment 2 ewomer 2014-02-27 19:55:17 UTC
I am wondering the same thing.
Comment 3 ewomer 2014-03-01 16:25:49 UTC
(In reply to piruthiviraj natarajan from comment #1)
> Why is it still masked?
> 
> Any particular reason?

(In reply to salamanderrake from comment #2)
> I am wondering the same thing.

Because of this bug, https://bugs.gentoo.org/show_bug.cgi?id=476490, ffmpeg-2 breaks compatibility with several packages.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-03-20 21:24:20 UTC
Setting 476490 as Blocker.
Comment 5 Alexis Ballier gentoo-dev 2015-02-15 10:33:14 UTC
http://ffmpeg.org/security.html marks it as fixed in 2.1, 2.2.12+ is thus enough.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 13:11:29 UTC
Since 1.1.X and 1.2.X are no longer maintained and 2.2.14 is being stabilized, but the higher version without bugs is 2.2.15. Once stabilized we can clean up 1.1.x and 1.2.x.

Setting dependency on: 548006
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:21:04 UTC
This issue was resolved and addressed in
 GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06
by GLSA coordinator Kristian Fiskerstrand (K_F).