Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2012:075 ] ffmpeg
From: security () mandriva com
Date: Tue, 15 May 2012 14:15:01 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:075
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : May 15, 2012
 Affected: 2010.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in ffmpeg:
 
 The Matroska format decoder in FFmpeg does not properly allocate
 memory, which allows remote attackers to execute arbitrary code via
 a crafted file (CVE-2011-3362, CVE-2011-3504).
 
 cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
 a denial of service (incorrect write operation and application
 crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
 file, related to the decode_residual_block, check_for_slice,
 and cavs_decode_frame functions, a different vulnerability than
 CVE-2011-3362 (CVE-2011-3973).
 
 Integer signedness error in the decode_residual_inter function in
 cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
 denial of service (incorrect write operation and application crash)
 via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
 a different vulnerability than CVE-2011-3362 (CVE-2011-3974).
 
 Double free vulnerability in the Theora decoder in FFmpeg allows remote
 attackers to cause a denial of service or possibly have unspecified
 other impact via a crafted stream (CVE-2011-3892).
 
 FFmpeg does not properly implement the MKV and Vorbis media
 handlers, which allows remote attackers to cause a denial of service
 (out-of-bounds read) via unspecified vectors (CVE-2011-3893).
 
 Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
 remote attackers to cause a denial of service or possibly have
 unspecified other impact via a crafted stream (CVE-2011-3895).
 
 An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
 to cause a buffer overflow (CVE-2011-4351).
 
 An integer overflow error within the "vp3_dequant()" function
 (libavcodec/vp3.c) can be exploited to cause a buffer overflow
 (CVE-2011-4352).
 
 Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
 and the "vp6_parse_coeff()" functions can be exploited to trigger
 out-of-bounds reads (CVE-2011-4353).
 
 It was discovered that Libav incorrectly handled certain malformed
 VMD files. If a user were tricked into opening a crafted VMD file,
 an attacker could cause a denial of service via application crash,
 or possibly execute arbitrary code with the privileges of the user
 invoking the program (CVE-2011-4364).
 
 It was discovered that Libav incorrectly handled certain malformed SVQ1
 streams. If a user were tricked into opening a crafted SVQ1 stream
 file, an attacker could cause a denial of service via application
 crash, or possibly execute arbitrary code with the privileges of the
 user invoking the program (CVE-2011-4579).
 
 The updated packages have been upgraded to the 0.6.5 version where
 these issues has been corrected.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 76f5e3a4f91e96e5ba189d5b5841537c  2010.1/i586/ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm
 8ef35b10c5424f0426a883ec4e45c955  2010.1/i586/libavformats52-0.6.5-0.1mdv2010.2.i586.rpm
 9d6f71fbc09e19c8c4c585a7b68a7dbb  2010.1/i586/libavutil50-0.6.5-0.1mdv2010.2.i586.rpm
 e23906f8e8ba32a8d045a22dff998680  2010.1/i586/libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm
 807975400e7e27acb302f65e963e7637  2010.1/i586/libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm
 8966bf8167413bae2257ce348487f92c  2010.1/i586/libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm
 5e74f9d11c703f2b0cfa478d56252631  2010.1/i586/libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm
 6acd1b55535e3e198252efdbe35c3bb1  2010.1/i586/libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm 
 d2fa2388afa05744216322c07e643db0  2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 e3c5a778ee768e51333705dc6174f778  2010.1/x86_64/ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm
 962e01f7fa44c306ce9b20d91e6349b9  2010.1/x86_64/lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm
 ca6036a91e3dbdfd788c0f6e6bd909f5  2010.1/x86_64/lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm
 f20c014495e8956f94fe52544bf15fe1  2010.1/x86_64/lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm
 66512d0d4a7b8b26dd91a49153dac0e8  2010.1/x86_64/lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
 ee7bf41983b6a493e3ba2560db2b6d73  2010.1/x86_64/lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
 ecb6241b62e646951400e0c018411ebe  2010.1/x86_64/lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm
 02acf40f10ea8a52b57bff736b3e00bc  2010.1/x86_64/lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm 
 d2fa2388afa05744216322c07e643db0  2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPsh0zmqjQ0CJFipgRAmabAKDpqUzZOJcBEBkTzl0rt70Yytx/vwCcCQIM
2S7GGfBfUQVFXnqU49518hI=
=eNIf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2012:075 ] ffmpeg security (May 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault