Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.
a0a8eba7465a48df476d1df9722497c093dac6a589b1c042b115c0aad4fae55b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:075
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ffmpeg
Date : May 15, 2012
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in ffmpeg:
The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).
Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).
Double free vulnerability in the Theora decoder in FFmpeg allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted stream (CVE-2011-3892).
FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).
Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).
An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).
An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).
Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).
It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).
It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).
The updated packages have been upgraded to the 0.6.5 version where
these issues has been corrected.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
76f5e3a4f91e96e5ba189d5b5841537c 2010.1/i586/ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm
8ef35b10c5424f0426a883ec4e45c955 2010.1/i586/libavformats52-0.6.5-0.1mdv2010.2.i586.rpm
9d6f71fbc09e19c8c4c585a7b68a7dbb 2010.1/i586/libavutil50-0.6.5-0.1mdv2010.2.i586.rpm
e23906f8e8ba32a8d045a22dff998680 2010.1/i586/libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm
807975400e7e27acb302f65e963e7637 2010.1/i586/libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm
8966bf8167413bae2257ce348487f92c 2010.1/i586/libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm
5e74f9d11c703f2b0cfa478d56252631 2010.1/i586/libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm
6acd1b55535e3e198252efdbe35c3bb1 2010.1/i586/libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm
d2fa2388afa05744216322c07e643db0 2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
e3c5a778ee768e51333705dc6174f778 2010.1/x86_64/ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm
962e01f7fa44c306ce9b20d91e6349b9 2010.1/x86_64/lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm
ca6036a91e3dbdfd788c0f6e6bd909f5 2010.1/x86_64/lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm
f20c014495e8956f94fe52544bf15fe1 2010.1/x86_64/lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm
66512d0d4a7b8b26dd91a49153dac0e8 2010.1/x86_64/lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
ee7bf41983b6a493e3ba2560db2b6d73 2010.1/x86_64/lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
ecb6241b62e646951400e0c018411ebe 2010.1/x86_64/lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm
02acf40f10ea8a52b57bff736b3e00bc 2010.1/x86_64/lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm
d2fa2388afa05744216322c07e643db0 2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPsh0zmqjQ0CJFipgRAmabAKDpqUzZOJcBEBkTzl0rt70Yytx/vwCcCQIM
2S7GGfBfUQVFXnqU49518hI=
=eNIf
-----END PGP SIGNATURE-----