Package name
ffmpeg
Date
2012-05-15
Advisory ID
MDVSA-2012:075
Affected versions
2010.1 i586 , 2010.1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

Double free vulnerability in the Theora decoder in FFmpeg allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted stream (CVE-2011-3892).

FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.6.5 version where
these issues has been corrected.

Updated packages

2010.1 i586

 76f5e3a4f91e96e5ba189d5b5841537c  2010.1/i586/ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm
 8ef35b10c5424f0426a883ec4e45c955  2010.1/i586/libavformats52-0.6.5-0.1mdv2010.2.i586.rpm
 9d6f71fbc09e19c8c4c585a7b68a7dbb  2010.1/i586/libavutil50-0.6.5-0.1mdv2010.2.i586.rpm
 e23906f8e8ba32a8d045a22dff998680  2010.1/i586/libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm
 807975400e7e27acb302f65e963e7637  2010.1/i586/libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm
 8966bf8167413bae2257ce348487f92c  2010.1/i586/libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm
 5e74f9d11c703f2b0cfa478d56252631  2010.1/i586/libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm
 6acd1b55535e3e198252efdbe35c3bb1  2010.1/i586/libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm 
 d2fa2388afa05744216322c07e643db0  2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm

2010.1 x86_64

 e3c5a778ee768e51333705dc6174f778  2010.1/x86_64/ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm
 962e01f7fa44c306ce9b20d91e6349b9  2010.1/x86_64/lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm
 ca6036a91e3dbdfd788c0f6e6bd909f5  2010.1/x86_64/lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm
 f20c014495e8956f94fe52544bf15fe1  2010.1/x86_64/lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm
 66512d0d4a7b8b26dd91a49153dac0e8  2010.1/x86_64/lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
 ee7bf41983b6a493e3ba2560db2b6d73  2010.1/x86_64/lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
 ecb6241b62e646951400e0c018411ebe  2010.1/x86_64/lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm
 02acf40f10ea8a52b57bff736b3e00bc  2010.1/x86_64/lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm 
 d2fa2388afa05744216322c07e643db0  2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm

References