781146 – (CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20898, CVE-2020-20902, CVE-2020-23906, CVE-2021-30123) <media-video/ffmpeg-4.4: multiple vulnerabilities

Bug 781146 (CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20898, CVE-2020-20902, CVE-2020-23906, CVE-2021-30123) - <media-video/ffmpeg-4.4: multiple vulnerabilities

Summary: <media-video/ffmpeg-4.4: multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20898, CVE-2020-20902, CVE-2020-23906, CVE-2021-30123

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://git.videolan.org/?p=ffmpeg.gi...
Whiteboard:	A2 [cleanup cve glsa+]
Keywords:

Depends on:	804318 782412 790590
Blocks:
	Show dependency tree

Reported:	2021-04-08 14:45 UTC by John Helmert III
Modified:	2021-11-10 23:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	media-video/ffmpeg-4.4-r1
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-04-08 14:45:31 UTC

CVE-2021-30123:

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.


Patch at $URL but seems it's not part of any tag yet.

Comment 1 jospezial 2021-04-09 11:59:28 UTC

It is in just released 4.4 .

Comment 2 jospezial 2021-04-09 12:04:21 UTC

https://github.com/FFmpeg/FFmpeg/commit/d6f293353c94c7ce200f6e0975ae3de49787f91f

Comment 3 John Helmert III archtester

2021-04-09 14:17:22 UTC

(In reply to jospezial from comment #1)
> It is in just released 4.4 .

Thanks! Maintainers, please bump.

Comment 4 jospezial 2021-04-09 21:44:24 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddb6d10608a9396bb123add897b15fe01538ce68
media-video/ffmpeg: bump to 4.4

Comment 5 Sam James archtester

2021-04-09 22:06:46 UTC

(In reply to jospezial from comment #4)
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=ddb6d10608a9396bb123add897b15fe01538ce68
> media-video/ffmpeg: bump to 4.4

Thanks!

Comment 6 Agostino Sarubbo gentoo-dev

2021-05-12 07:58:39 UTC

amd64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2021-05-12 20:12:37 UTC

x86 stable

Comment 8 Agostino Sarubbo gentoo-dev

2021-05-14 06:42:48 UTC

ppc64 stable

Comment 9 Sam James archtester

2021-05-15 18:00:03 UTC

arm64 done

Comment 10 Sam James archtester

2021-05-15 18:02:17 UTC

arm done

Comment 11 Sam James archtester

2021-05-16 12:46:01 UTC

sparc done

Comment 12 Thomas Deutschmann gentoo-dev

2021-05-24 00:03:33 UTC

New GLSA request filed.

Comment 13 GLSAMaker/CVETool Bot gentoo-dev

2021-05-26 09:50:50 UTC

This issue was resolved and addressed in
 GLSA 202105-24 at https://security.gentoo.org/glsa/202105-24
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 14 Thomas Deutschmann gentoo-dev

2021-05-26 09:51:29 UTC

Re-opening for remaining architecture.

Comment 15 John Helmert III archtester

2021-05-30 16:20:12 UTC

Ping ppc

Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev

2021-06-07 07:41:54 UTC

ppc stable

All arches done.

Comment 17 John Helmert III archtester

2021-06-09 04:29:33 UTC

Please cleanup.

Comment 18 NATTkA bot gentoo-dev

2021-07-10 17:32:31 UTC

Unable to check for sanity:

> no match for package: media-video/ffmpeg-4.4

Comment 19 John Helmert III archtester

2021-09-29 23:25:05 UTC

A few more we can add that will be fixed by this cleanup.

CVE-2020-20902:

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of
pseudo-normalized correlation R'(0), that could result in disclosure of information.

CVE-2020-20896:

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

CVE-2020-20898:

Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVE-2020-20891:

Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVE-2020-20892:

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

Comment 20 John Helmert III archtester

2021-11-10 23:33:44 UTC

CVE-2020-23906:

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.