Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 493452 - <media-video/ffmpeg-2.0.1: Multiple vulnerabilities
Summary: <media-video/ffmpeg-2.0.1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/55946/
Whiteboard: B2 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-06 15:33 UTC by Agostino Sarubbo
Modified: 2016-03-12 11:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-12-06 15:33:25 UTC
From ${URL} :

Description

Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a 
DoS (Denial of Service) and compromise an application using the library.

1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c) can be exploited to trigger an 
out-of-bounds read memory access.

2) An error within the "format_line()" function (libavutil/log.c) can be exploited to trigger an 
out-of-bounds read memory access.

3) Some errors within the "split_field_copy()" and "ff_h264_fill_default_ref_list()" functions 
(libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

Successful exploitation of this vulnerability may allow execution of arbitrary code.


Solution:
Fixed in the source code repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d9dad6a7cb5d544d540abf941fedbd34c14d2bd
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4d388c0cd05dd4de545e8ea333ab4de7d67ad12d


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Alexis Ballier gentoo-dev 2014-01-09 10:09:23 UTC
(In reply to Agostino Sarubbo from comment #0)
> 1) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c)
> can be exploited to trigger an 
> out-of-bounds read memory access.

not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release

-> not for us

> 2) An error within the "format_line()" function (libavutil/log.c) can be
> exploited to trigger an 
> out-of-bounds read memory access.

seems to have been introduced by http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=148310ca1659e3be95a2e87a8e30d1894a32d6d6

not in 1.0.* nor 1.2.*
backported to 2.1 branch recently so will be in next 2.1 release

-> not for us

> 3) Some errors within the "split_field_copy()" and
> "ff_h264_fill_default_ref_list()" functions 
> (libavcodec/h264_refs.c) can be exploited to cause buffer overflows.

seems valid; fixed only in master atm, need to check why
Comment 2 Alexis Ballier gentoo-dev 2014-01-09 10:10:23 UTC
(In reply to Alexis Ballier from comment #1)

please fix your summary btw, first 2 bugs are not present in <ffmpeg-2 and 3rd one isnt fixed in 2.0.1 it seems
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2015-07-01 13:15:05 UTC
Since it looks like this bug was not fully addressed setting the dependency for 548006, stabilization of 2.2.15
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:20:56 UTC
This issue was resolved and addressed in
 GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06
by GLSA coordinator Kristian Fiskerstrand (K_F).