Fedora has issued advisories today (November 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSR47ROV33MCI6NPBVCSG5WTU5L4YGIY/

The issue is fixed upstream in 20.09.
In the absence of a particular maintainer for this SRPM, having to assign the bug globally.
Assignee: bugsquad => pkg-bugs
Status comment: (none) => Fixed upstream in 20.09
New version pushed in mga7

src:
- libmediainfo-20.09-1.mga7
- mediainfo-20.09-1.mga7

can be tested now, but Need to be pushed AFTER imagemagick update
Assignee: pkg-bugs => qa-bugs
CC: (none) => mageia
RPMs:
mediainfo-20.09-1.mga7
mediainfo-gui-wx-20.09-1.mga7
mediainfo-gui-qt-20.09-1.mga7
mediainfo-gui-common-20.09-1.mga7

(In reply to Nicolas Lécureuil from comment #2)
> can be tested now, but Need to be pushed AFTER imagemagick update

Why? I don't see a dependency there.
Status comment: Fixed upstream in 20.09 => (none)
Going ahead with this.

mga7, x64

Installed the gui packages and tried out mediainfo-gui. It seems to work OK.
No exploits available for the buffer overflow issue. This is the very common problem of string buffer allocation which does not take into account the terminating null byte.

Updated the four packages from testing.

$ mediainfo tsunami.ts
General
ID : 0 (0x0)
Complete name : tsunami.ts
Format : MPEG-TS
[...]
Video
ID : 101 (0x65)
Menu ID : 1 (0x1)
Format : AVC
[...]
Audio
ID : 102 (0x66)
Menu ID : 1 (0x1)
Format : AAC LC
....

$ mediainfo tsunami.ts | grep Duration
Duration : 51 min 35 s
Duration : 51 min 35 s
Duration : 51 min 35 s

$ mediainfo LItalianainAlgeri.wav | egrep -i "codec|duration"
Duration : 6 min 51 s
Codec ID : 1
Duration : 6 min 51 s

Exercised the GUI.

$ mediainfo-gui *.wav

This presented the gui focused on WAV files only and provided a dropdown menu for the titles. For each title there is General information and Audio information and a link to the website for the audio codec (in theory). For the first one tried, the PCM codec led to a Microsoft site.

Invoked without an argument, General, Video, Audio and Text frames are provided and buttons for file navigation and the current directory.
Tried .../Videos/Cassini
Selected a MOV file.
General => QuickTime..... encoded date..... 1 Video stream: JPEG
The link to player for this file led to an Apple site.
Video => English, ....
"Go to the website of this codec" pointed to the same Apple site.

Everything seems to be in order apart from the broken link that is a data problem.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory:
========================

Updated libmediainfo and mediainfo packages fix security vulnerability:

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing) (CVE-2020-15395).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15395
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSR47ROV33MCI6NPBVCSG5WTU5L4YGIY/
Advisory committed to SVN.
Keywords: (none) => advisory
CC: (none) => ouaurelien
CVE: (none) => CVE-2020-15395
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0134.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
This update also fixed CVE-2020-26797:
https://www.debian.org/lts/security/2021/dla-2603
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AZGJQQT3RJWJ46M75Y4OJ6GQVOXTHUGZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7F3UCQTOAU6MZ2RT54ZS42EUCDDNSKSI/
Summary: mediainfo new security issue CVE-2020-15395 => mediainfo new security issues CVE-2020-15395 and CVE-2020-26797
*** Bug 28992 has been marked as a duplicate of this bug. ***