Bug 408555 - <media-video/libav-0.8.2 : Multiple vulnerabilities (CVE-2011-{3929,3936,3937,3940,3945,3947,3951,3952},CVE-2012-{0848,0853,0858,0947})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://libav.org/#0.8.1
Whiteboard: B2 [glsa]
Keywords:
Duplicates: 412817
Depends on: 409685
Blocks:
Reported: 2012-03-17 09:19 UTC by Agostino Sarubbo
Modified: 2012-10-20 01:15 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2012-03-17 09:19:55 UTC
From upstream link at $URL

Today, we update our latest release series 0.8 with the release Libav 0.8.1. As usual, this release includes a number of functional corrections and security fixes, such as:

CVE-2012-0848
CVE-2012-0853
CVE-2012-0858
CVE-2011-3929
CVE-2011-3936
CVE-2011-3937
CVE-2011-3940
CVE-2011-3945
CVE-2011-3947
CVE-2011-3951
CVE-2011-3952
The following bugs in our Bugzilla have been fixed:

http://bugzilla.libav.org/show_bug.cgi?id=212
http://bugzilla.libav.org/show_bug.cgi?id=216
http://bugzilla.libav.org/show_bug.cgi?id=220
http://bugzilla.libav.org/show_bug.cgi?id=221
http://bugzilla.libav.org/show_bug.cgi?id=227
http://bugzilla.libav.org/show_bug.cgi?id=237
Comment 1 Agostino Sarubbo gentoo-dev 2012-03-17 09:21:19 UTC
Already talked with lu_zero, and we will check all rdepend before adding arches
Comment 2 Agostino Sarubbo gentoo-dev 2012-04-20 21:50:04 UTC
*** Bug 412817 has been marked as a duplicate of this bug. ***
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2012-04-21 09:15:45 UTC
All the issues on the tracker that could be fixed were fixed. Please proceed.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-04-30 21:39:04 UTC
Agostino, should we be stabilizing libav? I don't see it as having any stable versions on any arches at the moment... It feels like this should be resolved as "~2 [noglsa]" right? Thanks.
Comment 5 Tomáš Chvátal (RETIRED) gentoo-dev 2012-05-01 07:18:11 UTC
(In reply to comment #4)
> Agostino, should we be stabilizing libav? I don't see it as having any stable
> versions on any arches at the moment... It feels like this should be
> resolved as "~2 [noglsa]" right? Thanks.

It had stables, I just dropped the affected stable version.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-05-01 11:03:40 UTC
(In reply to comment #5)
> 
> It had stables, I just dropped the affected stable version.

Ok, thank you.

Arches, please test and mark stable:
=media-video/libav-0.8.1
Comment 7 Markus Meier gentoo-dev 2012-05-05 11:54:26 UTC
x86 stable
Comment 8 Tomáš Chvátal (RETIRED) gentoo-dev 2012-05-05 19:04:11 UTC
Adding back x86, as 0.8.1 has another CVE. Added 0.8.2 that should have it fixed.
Comment 9 Andreas Schürch gentoo-dev 2012-05-06 17:14:46 UTC
x86 stable, thanks! 
For the record, x86 doesn't suffer from bug 409957.
Comment 10 Markos Chandras (RETIRED) gentoo-dev 2012-05-07 00:11:43 UTC
amd64 done
Comment 11 Jeroen Roovers gentoo-dev 2012-05-10 03:29:22 UTC
Stable for HPPA.
Comment 12 Brent Baude (RETIRED) gentoo-dev 2012-05-10 19:24:44 UTC
ppc64 done
Comment 13 Markus Meier gentoo-dev 2012-05-12 12:59:27 UTC
arm stable
Comment 14 Tobias Klausmann gentoo-dev 2012-05-12 16:10:22 UTC
Stable on alpha.
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2012-05-12 16:48:54 UTC
ia64/sparc stable
Comment 16 Brent Baude (RETIRED) gentoo-dev 2012-06-08 17:44:54 UTC
ppc done
Comment 17 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 15:37:41 UTC
Thanks, folks. Already in GLSA request.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2012-08-20 23:17:28 UTC
CVE-2012-0947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947):
  Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec
  (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
  0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause
  a denial of service (crash) and possibly execute arbitrary code via a
  crafted VQA media file in which the image size is not a multiple of the
  block size.

CVE-2012-0858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0858):
  The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12
  and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before
  0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers
  to cause a denial of service (application crash) and possibly execute
  arbitrary code via a crafted Shorten file, related to an "invalid free".

CVE-2012-0853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0853):
  The decodeTonalComponents function in the Atrac3 codec (atrac3.c) in
  libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in
  Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x
  before 0.8.1 allows remote attackers to cause a denial of service (infinite
  loop and crash) and possibly execute arbitrary code via a large component
  count in an Atrac 3 file.

CVE-2012-0848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0848):
  Heap-based buffer overflow in the ws_snd_decode_frame function in
  libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a
  denial of service (application crash) via a crafted media file, related to
  an incorrect calculation, aka "wrong samples count."

CVE-2011-3952 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952):
  The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and
  in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and
  0.8.x before 0.8.1 allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via a large palette
  size in a KMVC encoded file.

CVE-2011-3951 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951):
  The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10
  and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and
  0.8.x before 0.8.1 allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via a crafted stereo
  stream in a media file.

CVE-2011-3947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947):
  Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12
  and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before
  0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers
  to cause a denial of service (crash) and possibly execute arbitrary code via
  a crafted MJPEG-B file.

CVE-2011-3940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940):
  nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before
  0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
  0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of
  service (out-of-bounds read and write) via a crafted NSV file that triggers
  "use of uninitialized streams."

CVE-2011-3936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936):
  The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12
  and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
  0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause
  a denial of service (out-of-bounds read and application crash) via a crafted
  DV file.

CVE-2011-3929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929):
  The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before
  0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before
  0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to
  cause a denial of service (NULL pointer dereference and application crash)
  and possibly execute arbitrary code via a crafted DV file.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2012-08-24 22:01:03 UTC
CVE-2011-3945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945):
  The decode_frame function in the KGV1 decoder (kgv1dec.c) in libavcodec in
  FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x
  before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
  0.8.1, allows remote attackers to cause a denial of service (crash) and
  possibly execute arbitrary code via a crafted media file.
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2012-10-20 01:15:25 UTC
This issue was resolved and addressed in
 GLSA 201210-06 at http://security.gentoo.org/glsa/glsa-201210-06.xml
by GLSA coordinator Sean Amoss (ackle).
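
The CVE descriptions in comments 18 and 19 give the affected releases as "N.N.x before N.N.N" lists, separately for FFmpeg and Libav. The following is an added example, not part of the bug thread or of any Gentoo tooling, that parses that wording and checks an installed version per branch; the names `fixed_versions` and `is_affected` are hypothetical, and versions are assumed to be plain dotted numbers.

```python
import re

# Descriptions copied from comment 18 (cut off after the version list).
DESCRIPTIONS = {
    "CVE-2012-0947": """Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec
  (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
  0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers""",
    "CVE-2012-0858": """The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12
  and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before
  0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers""",
    "CVE-2012-0848": """Heap-based buffer overflow in the ws_snd_decode_frame function in
  libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers""",
}

PRODUCT = re.compile(r"\b(FFmpeg|Libav)\b")  # case-sensitive: skips "libavcodec"
BRANCH = re.compile(r"(\d+\.\d+)\.x\s+before\s+(\d+(?:\.\d+)+)")

def vtuple(version):
    # Compare numerically, so that 0.8.2 sorts before 0.8.11.
    return tuple(int(part) for part in version.split("."))

def fixed_versions(description, product="Libav"):
    """Return {branch: first fixed release} for one product, e.g. {'0.8': '0.8.2'}."""
    text = " ".join(description.split())  # undo the line wrapping
    marks = list(PRODUCT.finditer(text))
    fixed = {}
    for i, mark in enumerate(marks):
        if mark.group(1) != product:
            continue
        # A product's list runs until the next product name (or the end).
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        for branch, first_fixed in BRANCH.findall(text[mark.end():end]):
            fixed[branch] = first_fixed
    return fixed

def is_affected(description, installed, product="Libav"):
    """True/False if the installed branch is listed; None if the text has no range for it."""
    fixed = fixed_versions(description, product)
    branch = ".".join(installed.split(".")[:2])
    if branch not in fixed:
        return None  # description does not cover this product/branch
    return vtuple(installed) < vtuple(fixed[branch])

if __name__ == "__main__":
    for cve, text in DESCRIPTIONS.items():
        print(cve, "libav-0.8.1 affected:", is_affected(text, "0.8.1"))
```

A `None` result means the description alone cannot answer the question, as with CVE-2012-0848, whose text names only FFmpeg 0.9.1.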