Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 494038 - <media-video/ffmpeg-2.1: Multiple vulnerabilities (CVE-2013-{7008,7009,7010,7011,7012,7013,7014,7015,7016,7017,7018,7019,7020,7021,7022,7023,7024})
Summary: <media-video/ffmpeg-2.1: Multiple vulnerabilities (CVE-2013-{7008,7009,7010,7...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-12 14:55 UTC by GLSAMaker/CVETool Bot
Modified: 2016-03-12 11:21 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 14:55:35 UTC
CVE-2013-7024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024):
  The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg
  before 2.1 does not consider the component number in certain calculations,
  which allows remote attackers to cause a denial of service (out-of-bounds
  array access) or possibly have unspecified other impact via crafted JPEG2000
  data.

CVE-2013-7023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023):
  The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1
  does not properly handle certain memory-allocation errors, which allows
  remote attackers to cause a denial of service (out-of-bounds array access)
  or possibly have unspecified other impact via crafted data.

CVE-2013-7022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022):
  The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1
  does not properly allocate memory for tiles, which allows remote attackers
  to cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted Go2Webinar data.

CVE-2013-7021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021):
  The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does
  not properly ensure the availability of FIFO content, which allows remote
  attackers to cause a denial of service (double free) or possibly have
  unspecified other impact via crafted data.

CVE-2013-7020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020):
  The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does
  not properly enforce certain bit-count and colorspace constraints, which
  allows remote attackers to cause a denial of service (out-of-bounds array
  access) or possibly have unspecified other impact via crafted FFV1 data.

CVE-2013-7019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019):
  The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not properly validate the reduction factor, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018):
  libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of
  valid code-block dimension values, which allows remote attackers to cause a
  denial of service (out-of-bounds array access) or possibly have unspecified
  other impact via crafted JPEG2000 data.

CVE-2013-7017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017):
  libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause
  a denial of service (invalid pointer dereference) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016):
  The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not ensure the expected sample separation, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted JPEG2000 data.

CVE-2013-7015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015):
  The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before
  2.1 does not properly validate a certain height value, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Flash Screen Video data.

CVE-2013-7014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014):
  Integer signedness error in the add_bytes_l2_c function in
  libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a
  denial of service (out-of-bounds array access) or possibly have unspecified
  other impact via crafted PNG data.

CVE-2013-7013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013):
  The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1
  uses an incorrect ordering of arithmetic operations, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Go2Webinar data.

CVE-2013-7012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012):
  The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does
  not prevent attempts to use non-zero image offsets, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted JPEG2000 data.

CVE-2013-7011 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011):
  The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does
  not prevent changes to global parameters, which allows remote attackers to
  cause a denial of service (out-of-bounds array access) or possibly have
  unspecified other impact via crafted FFV1 data.

CVE-2013-7010 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010):
  Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before
  2.1 allow remote attackers to cause a denial of service (out-of-bounds array
  access) or possibly have unspecified other impact via crafted data.

CVE-2013-7009 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009):
  The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1
  does not properly maintain a pointer to pixel data, which allows remote
  attackers to cause a denial of service (out-of-bounds array access) or
  possibly have unspecified other impact via crafted Apple RPZA data.

CVE-2013-7008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008):
  The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1
  incorrectly relies on a certain droppable field, which allows remote
  attackers to cause a denial of service (deadlock) or possibly have
  unspecified other impact via crafted H.264 data.


Please note that this does affect all current stable versions, including the 0.10 slot. @maintainers: what are your plans for FFmpeg 2 going unmasked and stable?
Comment 1 piruthiviraj natarajan 2013-12-23 16:20:08 UTC
Why is it still masked?

Any particular reason?
Comment 2 salamanderrake 2014-02-27 19:55:17 UTC
I am wondering the same thing.
Comment 3 salamanderrake 2014-03-01 16:25:49 UTC
(In reply to piruthiviraj natarajan from comment #1)
> Why is it still masked?
> 
> Any particular reason?

(In reply to salamanderrake from comment #2)
> I am wondering the same thing.

Because of this bug, https://bugs.gentoo.org/show_bug.cgi?id=476490 ,  ffmpeg-2 breaks compatibility with several packages
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2014-03-20 21:24:20 UTC
Setting 476490 as Blocker.
Comment 5 Alexis Ballier gentoo-dev 2015-02-15 10:33:14 UTC
http://ffmpeg.org/security.html marks it as fixed in 2.1, 2.2.12+ is thus enough.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2015-07-01 13:11:29 UTC
Since 1.1.X and 1.2.X is no longer maintained and 
2.2.14 is being stabilized, but higher version without bugs is 2.2.15. Once stabilized we can clean up 1.1.x and 1.2.x

Setting dependency on: 548006
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:21:04 UTC
This issue was resolved and addressed in
 GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06
by GLSA coordinator Kristian Fiskerstrand (K_F).