Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 711206 (CVE-2019-14371, CVE-2019-14372, CVE-2019-14441, CVE-2019-14442, CVE-2019-14443, CVE-2019-9717, CVE-2019-9719, CVE-2019-9720)

Summary: media-video/libav: Multiple vulnerabilities (CVE-2019-{9717,9719,9720,14371,14372,14441,14442,14443})
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [ebuild upstream cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 18:41:40 UTC
1) CVE-2019-9717

Description:
"In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf."

2) CVE-2019-9719

Description:
"A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf."

3) CVE-2019-9720

Description (same as 9719):
"A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf."

---
All affect 12.3
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-02 15:16:41 UTC
4) CVE-2019-14441

Description:
"An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c."

Bug: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
Status: not yet fixed

5) CVE-2019-14442

Description:
"In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file."

Bug: https://bugzilla.libav.org/show_bug.cgi?id=1159
Status: not yet fixed

6) CVE-2019-14443

Description:
"An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv."

Bug: https://bugzilla.libav.org/show_bug.cgi?id=1161#c1 (same as 14441)
Status: not yet fixed
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-02 15:24:08 UTC
7) CVE-2019-14372

Description:
"In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c."

Bug: https://bugzilla.libav.org/show_bug.cgi?id=1165
Status: Debian have managed to fix this via https://bugzilla.libav.org/show_bug.cgi?id=1165#c5
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-02 15:26:47 UTC
8) CVE-2019-14371

Description:
"An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag."

Bug: https://bugzilla.libav.org/show_bug.cgi?id=1163
Status: https://bugzilla.libav.org/show_bug.cgi?id=1163#c3 (reported by same person as in #c2), so fix seems available
Comment 5 Larry the Git Cow gentoo-dev 2020-04-26 15:23:18 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac

commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2020-04-26 15:14:48 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2020-04-26 15:22:46 +0000

    media-video/libav: remove last-rited pkg
    
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220
    
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

 media-video/libav/Manifest                    |   3 -
 media-video/libav/files/libav-12.3-x264.patch |  85 -------
 media-video/libav/libav-12.3.ebuild           | 350 --------------------------
 media-video/libav/libav-13_pre20171219.ebuild | 336 -------------------------
 media-video/libav/libav-9999.ebuild           | 339 -------------------------
 media-video/libav/metadata.xml                |  35 ---
 6 files changed, 1148 deletions(-)