Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 634750 (CVE-2017-7859, CVE-2017-7863, CVE-2017-7865, CVE-2017-7866) - <media-video/ffmpeg-3.3.5: Multiple vulnerabilityr
Summary: <media-video/ffmpeg-3.3.5: Multiple vulnerabilityr
Status: RESOLVED FIXED
Alias: CVE-2017-7859, CVE-2017-7863, CVE-2017-7865, CVE-2017-7866
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-16840
Blocks: CVE-2017-7862
  Show dependency tree
 
Reported: 2017-10-19 03:52 UTC by GLSAMaker/CVETool Bot
Modified: 2018-10-12 15:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-19 03:52:52 UTC
CVE-2017-7866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7866):
  FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based
  buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

CVE-2017-7865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7865):
  FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based
  buffer overflow related to the ipvideo_decode_block_opcode_0xA function in
  libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in
  libavcodec/utils.c.

CVE-2017-7863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7863):
  FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based
  buffer overflow related to the decode_frame_common function in
  libavcodec/pngdec.c.

CVE-2017-7862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7862):
  FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based
  buffer overflow related to the decode_frame function in
  libavcodec/pictordec.c.

CVE-2017-7859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7859):
  FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based
  buffer overflow related to the ff_h264_slice_context_init function in
  libavcodec/h264dec.c.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-05-19 22:07:04 UTC
cleanup will occur in bug #639698

GLSA Vote: No
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-12 15:14:37 UTC
Freeing CVE-2017-7862 alias for tracker creation.