what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-060

Mandriva Linux Security Advisory 2011-060
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-060 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted.ogg file, related to the vorbis_floor0_decode function. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704
SHA-256 | 72bda34e1a85cce233e9d75d74936eddfb6b008e8d850ac1e6308d2a939ee87b

Mandriva Linux Security Advisory 2011-060

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:060
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : April 1, 2011
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been identified and fixed in ffmpeg:

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
pointer arithmetic, which might allow remote attackers to obtain
sensitive memory contents and cause a denial of service via a crafted
file that triggers an out-of-bounds read. (CVE-2009-4632)

vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
comparison operator was intended, which might allow remote attackers
to cause a denial of service and possibly execute arbitrary code via
a crafted file that modifies a loop counter and triggers a heap-based
buffer overflow. (CVE-2009-4633)

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to
cause a denial of service and possibly execute arbitrary code via a
crafted file that (1) bypasses a validation check in vorbis_dec.c
and triggers a wraparound of the stack pointer, or (2) access a
pointer from out-of-bounds memory in mov.c, related to an elst tag
that appears before a tag that creates a stream. (CVE-2009-4634)

FFmpeg 0.5 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted MOV container with
improperly ordered tags that cause (1) mov.c and (2) utils.c to use
inconsistent codec types and identifiers, which causes the mp3 decoder
to process a pointer for a video structure, leading to a stack-based
buffer overflow. (CVE-2009-4635)

The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows
remote attackers to cause a denial of service (crash) via a crafted
AVI file that triggers a divide-by-zero error. (CVE-2009-4639)

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Vorbis file that triggers an out-of-bounds
read. (CVE-2009-4640)

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer
and other products, allows remote attackers to execute arbitrary code
via a crafted flic file, related to an arbitrary offset dereference
vulnerability. (CVE-2010-3429)

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1
and earlier allows remote attackers to cause a denial of service
(application crash) via a crafted .ogg file, related to the
vorbis_floor0_decode function. (CVE-2010-4704)

And several additional vulnerabilites originally discovered by Google
Chrome developers were also fixed with this advisory.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
35b8598a8ba305854c81884350072070 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
537c6ed300c14bd4c6dac8b9ea98349a 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
847b11c0bb86959f9712cb2beced7648 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
6bad47923019bdd3e17209956955919e 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
c49eeeda4be62fdcc57b0b42eff2005b 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
c06661882ab8613b23712898751856af 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
a9ef39faaa7a3054c846471ed95510a1 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
c8cf3cef711e1a6d51bcb666030e1f42 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
03d2549605505e1c22ebb95d83b2657b 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
b4e51f531b91947b68224adb0b7da78b 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
304a2ba3024d20e6c61d499d9d77daa0 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
f772b82b558dc0cb8ce7f643c23b1214 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
d60e53babfdfced4c42e15e881c1de11 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
e7b0f5257f4859d35c33d7d9cfaf601c 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
a585acd8d62940593fca0aafc9b1dc96 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
c8cf3cef711e1a6d51bcb666030e1f42 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

Mandriva Enterprise Server 5:
3a36c497bde8a3e9fd34f0cd029d0392 mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
3f06c90d4ec2332f295a6b947dd57ab5 mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
d9aab1dbf20a5e14c824ee003941763b mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
5917203833e406e431fcf3cfba2fe7de mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
d3ac8c102cf086501d4fd256155941ac mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
b42248fb015e570a89923d1a60728ead mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
48ce261f950e4730ac76bebf65c4acc7 mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
b332f476834cc59ea192f36bf9f1521c mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
897a2646af3535baeb15ec92bd912443 mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
c270cb8f505340f3b23c6e862b6a61ae mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
3bcc81db2dce4cfe4e62f8828d710ef2 mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
556dccfb35d1b7ae34e3a98ff50392f9 mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
ca12abb36b5abd916f3e94c19b02d10c mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
63ea4c46741919fe690beb94e85cfd92 mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
d87ceee8d1befd22d04e3f4f78e5e52b mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
b332f476834cc59ea192f36bf9f1521c mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNlgUCmqjQ0CJFipgRAuihAKDPoHXVNvZg3AdcWlp42IFPTQ1sPwCg2Ig1
aC78goX8Av/Q7yOT6VWTDyo=
=0hmU
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close