1) Some errors within the libavcodec library when parsing ASF, QT, and WMV files can be exploited to corrupt memory. 2) An error within the "ff_compute_band_indexes()" function (libavcodec/mpegaudiodec.c) can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Fixed in 0.8.4 still not released
From the upstream website: October 22 2012 Today, we update our latest release series 0.8 with the release of Libav 0.8.4. This release contains several security and bug fixes. The following bugs in our Bugzilla have been fixed: #118: zzufed H.261 file crashes avconv signal 11 (SIGSEGV) #203: scale filter has a rounding error #245: Reading already freed mem when using vfilters pad and settb #265: smacker audio decode regression #277: avconv ignores audio bitrate -ab parameter #310: avconv hangs when transcoding .flac files #327: wmaprodec: Arithmetic exception #352: Pad filter pass-through problem #367: Crash in bmp_decode_frame() when decoding unusual bmp file #373: y4m as input results in "filename.y4m: Operation not permitted" #379: Regression in WAV files between 52.72. 2 and 53. 35. 0 #380: double free in option handling This release contains security fixes for the following CVEs: CVE-2012-2772 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2784 CVE-2012-2786 CVE-2012-2787 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2793 CVE-2012-2794 CVE-2012-2796 CVE-2012-2798 CVE-2012-2800 CVE-2012-2801 CVE-2012-2802 Arches, please test and mark stable: =media-video/libav-0.8.4 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
Stable for HPPA.
Stable on alpha.
stable ppc64
stable ppc
x86 stable
arm stable
ia64/sparc stable
Thanks, everyone. New GLSA request filed.
oldest in tree libav-0.8.7, PLEASE CLOSE. thx
This issue was resolved and addressed in GLSA 201406-28 at http://security.gentoo.org/glsa/glsa-201406-28.xml by GLSA coordinator Chris Reffett (creffett).