======================================================
Name: CVE-2013-0872
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21cd905cd44a4bbafe8631bbaa6021d328413ce5
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.

======================================================
Name: CVE-2013-0873
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."

======================================================
Name: CVE-2013-0874
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
======================================================
Name: CVE-2013-0875
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.

======================================================
Name: CVE-2013-0876
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0876
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
Reference: CONFIRM:http://www.ffmpeg.org/security.html

Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.

======================================================
Name: CVE-2013-0877
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0877
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
======================================================
Name: CVE-2013-0878
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0878
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f5955d9f6f9ffdb81864c3de1c7b801782a55725
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.

======================================================
Name: CVE-2013-4263
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4263
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130612
Category:
Reference: MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems
Reference: URL:http://www.openwall.com/lists/oss-security/2013/08/21/11
Reference: CONFIRM:http://www.ffmpeg.org/security.html
Reference: CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.
======================================================
Name: CVE-2013-4264
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4264
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130612
Category:
Reference: MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems
Reference: URL:http://www.openwall.com/lists/oss-security/2013/08/21/11
Reference: CONFIRM:http://www.ffmpeg.org/security.html
Reference: CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
Reference: CONFIRM:https://trac.ffmpeg.org/ticket/2842

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

======================================================
Name: CVE-2013-4265
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4265
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130612
Category:
Reference: MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems
Reference: URL:http://www.openwall.com/lists/oss-security/2013/08/21/11
Reference: CONFIRM:http://www.ffmpeg.org/security.html
Reference: CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
======================================================
Name: CVE-2013-0860
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

======================================================
Name: CVE-2013-0861
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.
======================================================
Name: CVE-2013-0862
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f4fb841ad13bab66d4fb0c7ff2a94770df7815d8
Reference: CONFIRM:http://www.ffmpeg.org/security.html

Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.

======================================================
Name: CVE-2013-0863
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=62c9beda0c189db5cb61fa772057e3af9521f293
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=89e16e675d3cbe76cf4581f98bf4ac300cab0286
Reference: CONFIRM:http://www.ffmpeg.org/security.html

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
======================================================
Name: CVE-2013-0864
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9547034f9120187e23ad76424dd4d70247e62212
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.

======================================================
Name: CVE-2013-0865
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=08e2c7a45f82b897a285548c257972eb1ad352c5
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f3d16706060ab6ae6dc78f15359fab3fd87c9495
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.
======================================================
Name: CVE-2013-0866
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47e462eecc0a47ad40f59376199f93f227e21d13
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c459c7b23efffab762560e41ad6a2c0dbbfd4915
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.

======================================================
Name: CVE-2013-0867
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ef1538121fa6daeb1767510f1d4ae2c306c9fec
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.
======================================================
Name: CVE-2013-0868
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0868
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6baa54924980e1f0e8121e4715d16ed1adcd2a23
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75e88db33013eaa7ab74457f5556df677b4ffb42
Reference: CONFIRM:http://www.ffmpeg.org/security.html

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

======================================================
Name: CVE-2013-0869
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130107
Category:
Reference: CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=eaa9d2cd6b8c1e2722d5bfc56ea67fde865200ce
Reference: CONFIRM:http://www.ffmpeg.org/security.html

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.

Reproducible:
Steps to Reproduce:
Source RPM: (none) => ffmpeg
Adding all these CVEs in this bug and worry about dupes or if it's been fixed later.
It doesn't appear that any of those CVEs are relevant for us, as we already have versions 1.1.5 in Mageia 3 and 2.0.2 in Cauldron. That being said, I've meant to update ffmpeg just because, and forgot to do so before Mageia 2 closed. You might want to update to 0.10.10 that I just checked into Mageia 2 SVN for MBS. For Mageia 3, we should update to 1.1.7 that I just checked into SVN. It has apparently become impossible to find information on security fixes in ffmpeg, so it'd probably just be a MGAA announced as a bugfix update, unless you have more information.
http://ffmpeg.org/security.html does not say much.
(In reply to Oden Eriksson from comment #3)
> http://ffmpeg.org/security.html does not say much.

No and it's never up to date, but at least their git commit messages used to identify the CVEs being fixed. They don't do that anymore.
In the #ffmpeg-devel channel:

<oden> hello. trying to understand what security fixes has been fixed in 0.10 since 0.10.6 to 0.10.10. http://ffmpeg.org/security.html does not say.
<michaelni> oden, ill try to update the page, but 0.10 is quite old
(In reply to Oden Eriksson from comment #5)
> In the #ffmpeg-devel channel:
>
> <oden> hello. trying to understand what security fixes has been fixed in
> 0.10 since 0.10.6 to 0.10.10. http://ffmpeg.org/security.html does not say.
> <michaelni> oden, ill try to update the page, but 0.10 is quite old

<michaelni> oden, security page updated, ill add CVE# where they are missing as soon as they are assigned
http://www.openwall.com/lists/oss-security/2013/11/26/7 <- for FFmpeg 2.1
(In reply to Oden Eriksson from comment #6)
> (In reply to Oden Eriksson from comment #5)
> > In the #ffmpeg-devel channel:
> >
> > <oden> hello. trying to understand what security fixes has been fixed in
> > 0.10 since 0.10.6 to 0.10.10. http://ffmpeg.org/security.html does not say.
> > <michaelni> oden, ill try to update the page, but 0.10 is quite old
>
> <michaelni> oden, security page updated, ill add CVE# where they are missing
> as soon as they are assigned

<michaelni> oden, there where some things backported that may or may not be security relevant, for example a infinite loop fix, also there was some fixes merged from libav that i belive where redundant and fixed previously. also i dont think any ffmpeg version or fork from the 0.10 times is completely free of security issues
I've updated ffmpeg to versions 1.1.8 for Mageia 3 and 2.0.3 for Mageia 4. I don't know what all security vulnerabilities were fixed since 1.1.5, as they don't usually tag commits with CVEs anymore. Version 1.1.8 has commits that indicate CVE-2012-6617 and CVE-2013-0845, so we at least have those two, but I don't want to include an incomplete list in the advisory. If anyone can obtain more information about this, we could enhance the advisory.

This bug will be for the Mageia 3 update, and we'll use Bug 12698 for the Mageia 4 update.

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 1.1.8, which fixes several unspecified security vulnerabilities and other bugs which were corrected upstream.

References:
http://git.videolan.org/?p=ffmpeg.git;a=log;h=n1.1.8
http://ffmpeg.org/olddownload.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-1.1.8-1.mga3
libavcodec54-1.1.8-1.mga3
libpostproc52-1.1.8-1.mga3
libavformat54-1.1.8-1.mga3
libavutil52-1.1.8-1.mga3
libswscaler2-1.1.8-1.mga3
libavfilter3-1.1.8-1.mga3
libswresample0-1.1.8-1.mga3
libffmpeg-devel-1.1.8-1.mga3
libffmpeg-static-devel-1.1.8-1.mga3

from ffmpeg-1.1.8-1.mga3.src.rpm
Assignee: bugsquad => qa-bugs
Summary: Multiple vulnerabilities in ffmpeg => ffmpeg update to 1.1.8
Basic testing procedure at https://bugs.mageia.org/show_bug.cgi?id=8065#c6 Don't forget to test packages from both core and tainted.
CC: (none) => stormi
Whiteboard: (none) => has_procedure
Testing complete Mageia 3 x86_64.
CC: (none) => remi
Whiteboard: has_procedure => has_procedure MGA3-64-OK
Testing mga3 32
Testing complete mga3 32
Whiteboard: has_procedure MGA3-64-OK => has_procedure mga3-32-ok MGA3-64-OK
Advisory uploaded. Validating. Could sysadmin please push to 3 updates Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-32-ok MGA3-64-OK => has_procedure advisory mga3-32-ok MGA3-64-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0066.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/586334/
CC: (none) => luigiwalser