MDVSA-2012:076

Package name
ffmpeg
Date
2012-05-15
Advisory ID
MDVSA-2012:076
Affected versions
2011 i586 , 2011 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

Double free vulnerability in the Theora decoder in FFmpeg allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted stream (CVE-2011-3892).

FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).

Multiple input validations in the decoders/ demuxers for Westwood
Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3,
DV, NSV, files could lead to the execution of arbitrary code
(CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940,
CVE-2011-3945, CVE-2011-3947, CVE-2012-0853, CVE-2012-0858).

The updated packages have been upgraded to the 0.7.12 version where
these issues has been corrected.

Updated packages

2011 i586

 406a90f3c3aa705f38d562d48e295e03  2011/i586/ffmpeg-0.7.12-0.1-mdv2011.0.i586.rpm
 32129d580b8038edbf9895ec4d7b2fcb  2011/i586/libavfilter1-0.7.12-0.1-mdv2011.0.i586.rpm
 b7f175f1035f4067c9cb94281833180b  2011/i586/libavformats52-0.7.12-0.1-mdv2011.0.i586.rpm
 353614e9f64b6ae0d872d68183de1702  2011/i586/libavutil50-0.7.12-0.1-mdv2011.0.i586.rpm
 d8f5981968b0b6fa6533ff1c0fff3b21  2011/i586/libffmpeg52-0.7.12-0.1-mdv2011.0.i586.rpm
 8afc2be1abb99a531dc264d2c2ca06f2  2011/i586/libffmpeg-devel-0.7.12-0.1-mdv2011.0.i586.rpm
 3388b38d883111b7a9690c6b6e5642cd  2011/i586/libffmpeg-static-devel-0.7.12-0.1-mdv2011.0.i586.rpm
 eab9abe8ff0c3c8f70e0835ff5d86a16  2011/i586/libpostproc51-0.7.12-0.1-mdv2011.0.i586.rpm
 56412a9d476c3afa6eddfb2213197aef  2011/i586/libswscaler0-0.7.12-0.1-mdv2011.0.i586.rpm 
 5c84c76529690066d76d0ab23dcd7c18  2011/SRPMS/ffmpeg-0.7.12-0.1.src.rpm

2011 x86_64

 48d4a2512c540a98a442a9c1d502967e  2011/x86_64/ffmpeg-0.7.12-0.1-mdv2011.0.x86_64.rpm
 d2317215c418f1dc2bbd5501ded9dfa8  2011/x86_64/lib64avfilter1-0.7.12-0.1-mdv2011.0.x86_64.rpm
 7cce3f5255ff1c8443e915fd9dd0cc40  2011/x86_64/lib64avformats52-0.7.12-0.1-mdv2011.0.x86_64.rpm
 39cb1e16f40dd1c3c7a4eefd4099c5a0  2011/x86_64/lib64avutil50-0.7.12-0.1-mdv2011.0.x86_64.rpm
 374bf64c3811af7b1f7c87e614bba01e  2011/x86_64/lib64ffmpeg52-0.7.12-0.1-mdv2011.0.x86_64.rpm
 c7630d17e83608a9b9b11a62acbf55db  2011/x86_64/lib64ffmpeg-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm
 ed5b7e42dcf2ef78b073251286fda9a9  2011/x86_64/lib64ffmpeg-static-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm
 4e380177dd301bca6b706eacc7a8e36b  2011/x86_64/lib64postproc51-0.7.12-0.1-mdv2011.0.x86_64.rpm
 73493c74c9eb57107a9ff5451da1352e  2011/x86_64/lib64swscaler0-0.7.12-0.1-mdv2011.0.x86_64.rpm 
 5c84c76529690066d76d0ab23dcd7c18  2011/SRPMS/ffmpeg-0.7.12-0.1.src.rpm

References