lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XtFng-00067p-Sh@titan.mandriva.com>
Date: Tue, 25 Nov 2014 14:05:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:227 ] ffmpeg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:227
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : November 25, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in ffmpeg:
 
 The decode_init function in libavcodec/huffyuv.c in FFmpeg before
 1.1 allows remote attackers to have an unspecified impact via a
 crafted width in huffyuv data with the predictor set to median and
 the colorspace set to YUV422P, which triggers an out-of-bounds array
 access (CVE-2013-0848).
 
 The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
 before 1.1 allows remote attackers to have an unspecified impact
 via crafted RLE data, which triggers an out-of-bounds array access
 (CVE-2013-0852).
 
 The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg
 before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a
 frame is fully initialized, which allows remote attackers to trigger
 a NULL pointer dereference via crafted picture data (CVE-2013-0860).
 
 The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
 before 1.2.1 does not validate the relationship between a horizontal
 coordinate and a width value, which allows remote attackers to cause
 a denial of service (out-of-bounds array access and application crash)
 via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).
 
 The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
 before 1.2.1 does not validate the presence of non-header data in a
 buffer, which allows remote attackers to cause a denial of service
 (out-of-bounds array access and application crash) via crafted CD
 Graphics Video data (CVE-2013-3674).
 
 The read_header function in libavcodec/ffv1dec.c in FFmpeg before
 2.1 does not properly enforce certain bit-count and colorspace
 constraints, which allows remote attackers to cause a denial of service
 (out-of-bounds array access) or possibly have unspecified other impact
 via crafted FFV1 data (CVE-2013-7020).
 
 The updated packages have been upgraded to the 0.10.15 version which
 is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0848
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0852
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0860
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3672
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3674
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7020
 https://www.ffmpeg.org/security.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 e31c4a13bea24bab16d1cb1dda38b58e  mbs1/x86_64/ffmpeg-0.10.15-1.mbs1.x86_64.rpm
 eaa771f3b8321de63ebc2aa22a034172  mbs1/x86_64/lib64avcodec53-0.10.15-1.mbs1.x86_64.rpm
 13c0a6ba4b3350964c7df3cb7e5728ee  mbs1/x86_64/lib64avfilter2-0.10.15-1.mbs1.x86_64.rpm
 b50f091e8ebae65efe3254bdc3e46a49  mbs1/x86_64/lib64avformat53-0.10.15-1.mbs1.x86_64.rpm
 86bda7e063bba85bce52932a4b4e8fed  mbs1/x86_64/lib64avutil51-0.10.15-1.mbs1.x86_64.rpm
 d14c1a61c6ace365d538a5c0affd96c2  mbs1/x86_64/lib64ffmpeg-devel-0.10.15-1.mbs1.x86_64.rpm
 8be64ec85e727546b59f53fa30e5ceb1  mbs1/x86_64/lib64ffmpeg-static-devel-0.10.15-1.mbs1.x86_64.rpm
 10e0dd8821e3e27e6c1fe4fab90f3f5c  mbs1/x86_64/lib64postproc52-0.10.15-1.mbs1.x86_64.rpm
 d2c54752d48a8abcd0a80a67d5be23be  mbs1/x86_64/lib64swresample0-0.10.15-1.mbs1.x86_64.rpm
 8d376b95efd9b83ec21b9f3dbdb73472  mbs1/x86_64/lib64swscaler2-0.10.15-1.mbs1.x86_64.rpm 
 279c214034c9a2e45a55ed06226c1db9  mbs1/SRPMS/ffmpeg-0.10.15-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdHCWmqjQ0CJFipgRAgaqAJ9gIculetYedcG09QH7L+M9Bnl5wgCeK2cW
W4+U8mQPMn2YI2LJvB0bh3I=
=z7T1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ