Bug 486692 - <media-video/ffmpeg-1.2.6: Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/55122/
Whiteboard: B2 [glsa]
Reported: 2013-10-01 18:59 UTC by Agostino Sarubbo
Modified: 2016-03-12 11:20 UTC
Description Agostino Sarubbo gentoo-dev 2013-10-01 18:59:29 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) An error within the "pcx_decode_frame()" function (libavcodec/pcx.c) can be exploited to cause a crash.

2) An error within the "xan_decode_init()" function (libavcodec/xxan.c) can be exploited to cause an out of bounds write memory access.

3) An error within the "pcx_decode_frame()" function (libavcodec/pcx.c) can be exploited to trigger an infinite loop.

4) An error within the "png_decode_idat()" function (libavcodec/pngdec.c) can be exploited to trigger an infinite loop.

5) An error within the "bfi_read_packet()" function (libavformat/bfi.c) can be exploited to trigger a division-by-zero exception.

6) An error within the "ff_get_wav_header()" function (libavformat/riffdec.c) can be exploited to trigger a division-by-zero exception.

7) An error within the "read_header()" function (libavformat/mvi.c) can be exploited to trigger a division-by-zero exception.

8) A boundary error within the "decode_element()" function (libavcodec/alac.c) can be exploited to cause an out of bounds write memory access.

9) An error within the "xwma_read_header()" function (libavformat/xwma.c) can be exploited to trigger a division-by-zero exception.

10) An error within the "read_gab2_sub()" function (libavformat/avidec.c) can be exploited to cause an out of bounds read memory access.

11) An error within the "vqf_read_header()" function (libavformat/vqf.c) can be exploited to cause a crash.

Successful exploitation of the vulnerabilities #2 and #8 may allow execution of arbitrary code.


Solution:
Fixed in the git repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.libav.org/?p=libav.git;a=commit;h=d1d99e3befea5d411ac3aae72dbdecce94f8b547
http://git.libav.org/?p=libav.git;a=commit;h=aa0dd52434768da64f1f3d8ae92bcf980c1adffc
http://git.libav.org/?p=libav.git;a=commit;h=9fb0de86b49e9fb0709a8ad1e1875e35da841887
http://git.libav.org/?p=libav.git;a=commit;h=a81cad8f86d1feb7e4bfae29e43f3e994935a5c7
http://git.libav.org/?p=libav.git;a=commit;h=9fc7184d1a9af8d97b3fc5c2ef9d0a647d6617ea
http://git.libav.org/?p=libav.git;a=commit;h=d07aa3f02b73ab1371c13ac7898338380ca0932b
http://git.libav.org/?p=libav.git;a=commit;h=28ff439efd2362fb21e1a78610737f2e26a72d8f
http://git.libav.org/?p=libav.git;a=commit;h=59480abce7e4238e22b3a4a904a9fe6abf4e4188
http://git.libav.org/?p=libav.git;a=commit;h=adc09136a4a63b152630abeacb22c56541eacf60
http://git.libav.org/?p=libav.git;a=commit;h=8d07258bb6063d0780ce2d39443d6dc6d8eedc5a
http://git.libav.org/?p=libav.git;a=commit;h=9277050e2918e0a0df9689721a188a604d886616


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Alexis Ballier gentoo-dev 2015-02-15 10:44:56 UTC
sounds like libav stuff, ffmpeg 1.2.6 seems unaffected
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 15:08:10 UTC
Adding depends for the GLSA write up, will create one monster GLSA for all ffmpeg when Bug 548006 is stabilized.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:20:33 UTC
This issue was resolved and addressed in
 GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06
by GLSA coordinator Kristian Fiskerstrand (K_F).