Bug 635520 (CVE-2016-6832, CVE-2016-7393, CVE-2016-7424, CVE-2016-7477, CVE-2016-7499) - <media-video/libav-12.3: Multiple vulnerabilities
Summary: <media-video/libav-12.3: Multiple vulnerabilities
Status: RESOLVED OBSOLETE
Alias: CVE-2016-6832, CVE-2016-7393, CVE-2016-7424, CVE-2016-7477, CVE-2016-7499
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2017-10-26 17:36 UTC by GLSAMaker/CVETool Bot
Modified: 2019-05-01 03:23 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-26 17:36:17 UTC
CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
  The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote
  attackers to cause a denial of service (divide-by-zero error and application
  crash) via a crafted mp3 file.

CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
  The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows
  remote attackers to cause a denial of service (invalid memory access and
  crash) via a crafted mp3 file.  NOTE: this issue was originally reported as
  involving a NULL pointer dereference.

CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
  The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7
  and earlier allows remote attackers to cause a denial of service (NULL
  pointer dereference and crash) via a crafted MP3 file.

CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
  Stack-based buffer overflow in the aac_sync function in aac_parser.c in
  Libav before 11.5 allows remote attackers to cause a denial of service
  (out-of-bounds read) via a crafted file.

CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
  Heap-based buffer overflow in the ff_audio_resample function in resample.c
  in libav before 11.4 allows remote attackers to cause a denial of service
  (crash) via vectors related to buffer resizing.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-26 17:38:48 UTC
@Maintainers: 11.8 in tree is already fixed and stable. Could we proceed to clean up vulnerable versions, including 11.3?

Thank you
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-25 17:49:42 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
>   The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote
>   attackers to cause a denial of service (divide-by-zero error and application
>   crash) via a crafted mp3 file.
> 

Fix is not present in 11.8 or 12.2

> CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
>   The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows
>   remote attackers to cause a denial of service (invalid memory access and
>   crash) via a crafted mp3 file.  NOTE: this issue was originally reported as
>   involving a NULL pointer dereference.

Unable to find fix upstream.  Red Hat reports it will not fix.

> 
> CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
>   The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7
>   and earlier allows remote attackers to cause a denial of service (NULL
>   pointer dereference and crash) via a crafted MP3 file.
> 

Fix not present in 11.8 or 12.2.  Fix is present in upstream Git repo.  Maybe a point release will contain it?

> CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
>   Stack-based buffer overflow in the aac_sync function in aac_parser.c in
>   Libav before 11.5 allows remote attackers to cause a denial of service
>   (out-of-bounds read) via a crafted file.
> 

Fix is present in 11.8 and 12.2.

> CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
>   Heap-based buffer overflow in the ff_audio_resample function in resample.c
>   in libav before 11.4 allows remote attackers to cause a denial of service
>   (crash) via vectors related to buffer resizing.

Fix is present in 11.8 and 12.2.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-28 00:12:18 UTC
Maintainers, please advise if this is fixed in tree.
Vulnerable version in CVEs: 12.2
Current in tree is: 12.3

Please advise so we can resolve bug.
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-05-01 03:23:08 UTC
(In reply to Aaron Bauman from comment #2)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2016-7499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499):
> >   The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote
> >   attackers to cause a denial of service (divide-by-zero error and application
> >   crash) via a crafted mp3 file.
> > 
> 
> Fix is not present in 11.8 or 12.2
> 
> > CVE-2016-7477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477):
> >   The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows
> >   remote attackers to cause a denial of service (invalid memory access and
> >   crash) via a crafted mp3 file.  NOTE: this issue was originally reported as
> >   involving a NULL pointer dereference.
> 
> Unable to find fix upstream.  Red Hat reports it will not fix.
> 
> > 
> > CVE-2016-7424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7424):
> >   The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7
> >   and earlier allows remote attackers to cause a denial of service (NULL
> >   pointer dereference and crash) via a crafted MP3 file.
> > 
> 
> Fix not present in 11.8 or 12.2.  Fix is present in upstream Git repo. 
> Maybe a point release will contain it?

Sorry, it is present, but not tagged appropriately.

> 
> > CVE-2016-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393):
> >   Stack-based buffer overflow in the aac_sync function in aac_parser.c in
> >   Libav before 11.5 allows remote attackers to cause a denial of service
> >   (out-of-bounds read) via a crafted file.
> > 
> 
> Fix is present in 11.8 and 12.2.
> 
> > CVE-2016-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832):
> >   Heap-based buffer overflow in the ff_audio_resample function in resample.c
> >   in libav before 11.4 allows remote attackers to cause a denial of service
> >   (crash) via vectors related to buffer resizing.
> 
> Fix is present in 11.8 and 12.2.