CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.

CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.

CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.

@Maintainers: 11.8 in tree is already fixed and stable; could we proceed to clean up vulnerable versions, including 11.3? Thank you.

(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
> The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote
> attackers to cause a denial of service (divide-by-zero error and
> application crash) via a crafted mp3 file.

Fix is not present in 11.8 or 12.2.

> CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
> The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows
> remote attackers to cause a denial of service (invalid memory access and
> crash) via a crafted mp3 file. NOTE: this issue was originally reported as
> involving a NULL pointer dereference.

Unable to find fix upstream. Red Hat reports it will not fix.

> CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
> The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7
> and earlier allows remote attackers to cause a denial of service (NULL
> pointer dereference and crash) via a crafted MP3 file.

Fix not present in 11.8 or 12.2. Fix is present in upstream Git repo. Maybe a point release will contain it?

> CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
> Stack-based buffer overflow in the aac_sync function in aac_parser.c in
> Libav before 11.5 allows remote attackers to cause a denial of service
> (out-of-bounds read) via a crafted file.

Fix is present in 11.8 and 12.2.

> CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
> Heap-based buffer overflow in the ff_audio_resample function in resample.c
> in libav before 11.4 allows remote attackers to cause a denial of service
> (crash) via vectors related to buffer resizing.

Fix is present in 11.8 and 12.2.

Maintainers, please advise if this is fixed in tree.

Vulnerable version in CVEs: 12.2
Current in tree is: 12.3

Please advise so we can resolve bug.

(In reply to Aaron Bauman from comment #2)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
> > The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote
> > attackers to cause a denial of service (divide-by-zero error and
> > application crash) via a crafted mp3 file.
>
> Fix is not present in 11.8 or 12.2.
>
> > CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
> > The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows
> > remote attackers to cause a denial of service (invalid memory access and
> > crash) via a crafted mp3 file. NOTE: this issue was originally reported as
> > involving a NULL pointer dereference.
>
> Unable to find fix upstream. Red Hat reports it will not fix.
>
> > CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
> > The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7
> > and earlier allows remote attackers to cause a denial of service (NULL
> > pointer dereference and crash) via a crafted MP3 file.
>
> Fix not present in 11.8 or 12.2. Fix is present in upstream Git repo.
> Maybe a point release will contain it?

Sorry, it is present, but not tagged appropriately.

> > CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
> > Stack-based buffer overflow in the aac_sync function in aac_parser.c in
> > Libav before 11.5 allows remote attackers to cause a denial of service
> > (out-of-bounds read) via a crafted file.
>
> Fix is present in 11.8 and 12.2.
>
> > CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
> > Heap-based buffer overflow in the ff_audio_resample function in resample.c
> > in libav before 11.4 allows remote attackers to cause a denial of service
> > (crash) via vectors related to buffer resizing.
>
> Fix is present in 11.8 and 12.2.