1) CVE-2019-9717 Description: "In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf." 2) CVE-2019-9719 Description: "A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf." 3) CVE-2019-9720 Description (same as 9719): "A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf." --- All affect 12.3
URLs: https://www.cvedetails.com/cve/CVE-2019-9717/ https://www.cvedetails.com/cve/CVE-2019-9719/ https://www.cvedetails.com/cve/CVE-2019-9720/
4) CVE-2019-14441 Description: "An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c." Bug: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0 Status: not yet fixed 5) CVE-2019-14442 Description: "In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file." Bug: https://bugzilla.libav.org/show_bug.cgi?id=1159 Status: not yet fixed 6) CVE-2019-14443 Description: "An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv." Bug: https://bugzilla.libav.org/show_bug.cgi?id=1161#c1 (same as 14441) Status: not yet fixed
7) CVE-2019-14372 Description: "In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c." Bug: https://bugzilla.libav.org/show_bug.cgi?id=1165 Status: Debian have managed to fix this via https://bugzilla.libav.org/show_bug.cgi?id=1165#c5
8) CVE-2019-14371 Description: "An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag." Bug: https://bugzilla.libav.org/show_bug.cgi?id=1163 Status: https://bugzilla.libav.org/show_bug.cgi?id=1163#c3 (reported by same person as in #c2), so fix seems available
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2020-04-26 15:14:48 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2020-04-26 15:22:46 +0000 media-video/libav: remove last-rited pkg Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768 Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764 Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974 Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602 Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070 Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114 Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040 Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986 Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952 Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790 Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206 Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922 Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957 Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854 Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294 Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350 Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726 Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082 Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102 Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186 Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> media-video/libav/Manifest | 3 - media-video/libav/files/libav-12.3-x264.patch | 85 ------- media-video/libav/libav-12.3.ebuild | 350 -------------------------- media-video/libav/libav-13_pre20171219.ebuild | 336 ------------------------- media-video/libav/libav-9999.ebuild | 339 ------------------------- media-video/libav/metadata.xml | 35 --- 6 files changed, 1148 deletions(-)