Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2012:074 ] ffmpeg
From: security () mandriva com
Date: Mon, 14 May 2012 20:21:00 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:074
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : May 14, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in ffmpeg:
 
 The Matroska format decoder in FFmpeg does not properly allocate
 memory, which allows remote attackers to execute arbitrary code via
 a crafted file (CVE-2011-3362, CVE-2011-3504).
 
 cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
 a denial of service (incorrect write operation and application
 crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
 file, related to the decode_residual_block, check_for_slice,
 and cavs_decode_frame functions, a different vulnerability than
 CVE-2011-3362 (CVE-2011-3973).
 
 Integer signedness error in the decode_residual_inter function in
 cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
 denial of service (incorrect write operation and application crash)
 via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
 a different vulnerability than CVE-2011-3362 (CVE-2011-3974).
 
 FFmpeg does not properly implement the MKV and Vorbis media
 handlers, which allows remote attackers to cause a denial of service
 (out-of-bounds read) via unspecified vectors (CVE-2011-3893).
 
 Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
 remote attackers to cause a denial of service or possibly have
 unspecified other impact via a crafted stream (CVE-2011-3895).
 
 An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
 to cause a buffer overflow (CVE-2011-4351).
 
 An integer overflow error within the "vp3_dequant()" function
 (libavcodec/vp3.c) can be exploited to cause a buffer overflow
 (CVE-2011-4352).
 
 Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
 and the "vp6_parse_coeff()" functions can be exploited to trigger
 out-of-bounds reads (CVE-2011-4353).
 
 It was discovered that Libav incorrectly handled certain malformed
 VMD files. If a user were tricked into opening a crafted VMD file,
 an attacker could cause a denial of service via application crash,
 or possibly execute arbitrary code with the privileges of the user
 invoking the program (CVE-2011-4364).
 
 It was discovered that Libav incorrectly handled certain malformed SVQ1
 streams. If a user were tricked into opening a crafted SVQ1 stream
 file, an attacker could cause a denial of service via application
 crash, or possibly execute arbitrary code with the privileges of the
 user invoking the program (CVE-2011-4579).
 
 The updated packages have been upgraded to the 0.5.9 version where
 these issues has been corrected.
 
 Additionally a couple of packages needed to be rebuilt for the new
 ffmpeg version and is also being provided with this advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 0fdb49826f72c882160194a2b69a5c87  mes5/i586/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm
 a9184e748cedd56e29a8e8f8320e8e7f  mes5/i586/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm
 a2cd850d45fc78fbfbaaa1b5f1f26cb3  mes5/i586/ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm
 934e1dc981e21c900b061d35ff4f07f8  mes5/i586/libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm
 35cf79d3b7d0bed70062490c234a3a96  mes5/i586/libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm
 463cc419b2884f4679b892178a3a337b  mes5/i586/libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm
 5a4fbe9f761a13d68dbd2a21eb16b792  mes5/i586/libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm
 26962af25fa57974623890fb3677fd7f  mes5/i586/libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm
 d763fdf58e3df9e1f983f9b3fca0b5dc  mes5/i586/libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm
 001f3283c3e5c4613b27eb2e0e16c67e  mes5/i586/libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm
 beab6d8b916aee5612dd19d911baeb28  mes5/i586/libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm
 aeebaae0004f02a4d93251449dcb4a32  mes5/i586/libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm
 f1316e064b6a1eee639db109e6d914cb  mes5/i586/libsox1-14.3.0-0.1mdvmes5.2.i586.rpm
 d3ada9d56563250589ae5ebf0965c9f0  mes5/i586/libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm
 1142b3b17f5111d1461bf903433d48fc  mes5/i586/libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm
 f8b48a8125687623eafc58ea85576138  mes5/i586/sox-14.3.0-0.1mdvmes5.2.i586.rpm 
 ebbc02efc1cecabcd1bc690c037f6661  mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
 234640efe0b95b9024908b7288b32e8b  mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
 15fc65b510c9db52c6a1a24eb8757543  mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 9f84db2778fc1f811bada3de7b6d4bfa  mes5/x86_64/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm
 1d59606b054a936336eaccf54873d81d  mes5/x86_64/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm
 50b0809d47ff5a08a390732ab8e0a933  mes5/x86_64/ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm
 088e6dc595a71490d6d9f46e558a6726  mes5/x86_64/lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm
 37fda2dabd87de004441841b59d391b5  mes5/x86_64/lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm
 734ccbb72c0f4fd4202e1d2479b3b00c  mes5/x86_64/lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm
 6d2178f975d930a5824ef91020fc1cdb  mes5/x86_64/lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm
 ca395249e3f8c7d1f5e63ffe71302cc0  mes5/x86_64/lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm
 6d6fe319ed45c1699432b88032ebc3b1  mes5/x86_64/lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm
 e4ede05f09b5f59c0f672ec2aa5dc699  mes5/x86_64/lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
 96c86a1f1d85a5e30c319f4f16879a5c  mes5/x86_64/lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
 0887b3218482cac483f3d71c93172cad  mes5/x86_64/lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm
 32929df8af1400096cc801bdee36e6c9  mes5/x86_64/lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm
 22485b182e669a22f875d0103729a25c  mes5/x86_64/lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm
 4a9dfb1bae4462e53da91d4f3b055a70  mes5/x86_64/lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm
 de5b1e5a5160ac8df7c4727887b00ec6  mes5/x86_64/sox-14.3.0-0.1mdvmes5.2.x86_64.rpm 
 ebbc02efc1cecabcd1bc690c037f6661  mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
 234640efe0b95b9024908b7288b32e8b  mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
 15fc65b510c9db52c6a1a24eb8757543  mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPsSFpmqjQ0CJFipgRAgBuAKDx4qPO9FrgQm+FZ9hUsH7CE+Y4bgCfbO/u
8bhswyhduXBF2NKD7WKctYg=
=4G2y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2012:074 ] ffmpeg security (May 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault