[Full-disclosure] [ MDVSA-2012:074 ] ffmpeg



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:074
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 14, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.5.9 version where
these issues has been corrected.

Additionally a couple of packages needed to be rebuilt for the new
ffmpeg version and is also being provided with this advisory.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
0fdb49826f72c882160194a2b69a5c87 mes5/i586/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm
a9184e748cedd56e29a8e8f8320e8e7f mes5/i586/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm
a2cd850d45fc78fbfbaaa1b5f1f26cb3 mes5/i586/ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm
934e1dc981e21c900b061d35ff4f07f8 mes5/i586/libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm
35cf79d3b7d0bed70062490c234a3a96 mes5/i586/libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm
463cc419b2884f4679b892178a3a337b mes5/i586/libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm
5a4fbe9f761a13d68dbd2a21eb16b792 mes5/i586/libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm
26962af25fa57974623890fb3677fd7f mes5/i586/libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm
d763fdf58e3df9e1f983f9b3fca0b5dc mes5/i586/libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm
001f3283c3e5c4613b27eb2e0e16c67e mes5/i586/libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm
beab6d8b916aee5612dd19d911baeb28 mes5/i586/libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm
aeebaae0004f02a4d93251449dcb4a32 mes5/i586/libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm
f1316e064b6a1eee639db109e6d914cb mes5/i586/libsox1-14.3.0-0.1mdvmes5.2.i586.rpm
d3ada9d56563250589ae5ebf0965c9f0 mes5/i586/libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm
1142b3b17f5111d1461bf903433d48fc mes5/i586/libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm
f8b48a8125687623eafc58ea85576138 mes5/i586/sox-14.3.0-0.1mdvmes5.2.i586.rpm
ebbc02efc1cecabcd1bc690c037f6661 mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
234640efe0b95b9024908b7288b32e8b mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
15fc65b510c9db52c6a1a24eb8757543 mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9f84db2778fc1f811bada3de7b6d4bfa mes5/x86_64/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm
1d59606b054a936336eaccf54873d81d mes5/x86_64/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm
50b0809d47ff5a08a390732ab8e0a933 mes5/x86_64/ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm
088e6dc595a71490d6d9f46e558a6726 mes5/x86_64/lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm
37fda2dabd87de004441841b59d391b5 mes5/x86_64/lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm
734ccbb72c0f4fd4202e1d2479b3b00c mes5/x86_64/lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm
6d2178f975d930a5824ef91020fc1cdb mes5/x86_64/lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm
ca395249e3f8c7d1f5e63ffe71302cc0 mes5/x86_64/lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm
6d6fe319ed45c1699432b88032ebc3b1 mes5/x86_64/lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm
e4ede05f09b5f59c0f672ec2aa5dc699 mes5/x86_64/lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
96c86a1f1d85a5e30c319f4f16879a5c mes5/x86_64/lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
0887b3218482cac483f3d71c93172cad mes5/x86_64/lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm
32929df8af1400096cc801bdee36e6c9 mes5/x86_64/lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm
22485b182e669a22f875d0103729a25c mes5/x86_64/lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm
4a9dfb1bae4462e53da91d4f3b055a70 mes5/x86_64/lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm
de5b1e5a5160ac8df7c4727887b00ec6 mes5/x86_64/sox-14.3.0-0.1mdvmes5.2.x86_64.rpm
ebbc02efc1cecabcd1bc690c037f6661 mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
234640efe0b95b9024908b7288b32e8b mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
15fc65b510c9db52c6a1a24eb8757543 mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPsSFpmqjQ0CJFipgRAgBuAKDx4qPO9FrgQm+FZ9hUsH7CE+Y4bgCfbO/u
8bhswyhduXBF2NKD7WKctYg=
=4G2y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • [Full-disclosure] [ MDVSA-2012:074-1 ] ffmpeg
    ... Multiple vulnerabilities has been found and corrected in ffmpeg: ... which allows remote attackers to execute arbitrary code via ... Additionally a couple of packages needed to be rebuilt for the new ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2012:074-1 ] ffmpeg
    ... Multiple vulnerabilities has been found and corrected in ffmpeg: ... which allows remote attackers to execute arbitrary code via ... Additionally a couple of packages needed to be rebuilt for the new ... Mandriva Enterprise Server 5/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2010:027 ] kdelibs4
    ... Multiple vulnerabilities was discovered and corrected in kdelibs4: ... which allows remote attackers to execute ... The updated packages have been patched to correct these issues. ... Mandriva Linux 2009.1/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2010:027 ] kdelibs4
    ... Multiple vulnerabilities was discovered and corrected in kdelibs4: ... which allows remote attackers to execute ... The updated packages have been patched to correct these issues. ... Mandriva Linux 2009.1/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:088 ] mplayer
    ... oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ... which might allow remote attackers ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)