MDVSA-2012:074-1
- Package name: ffmpeg
- Date: 2012-08-30
- Advisory ID: MDVSA-2012:074-1
- Affected versions: MES5 i586, MES5 x86_64
Problem description
Multiple vulnerabilities have been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.5.9 version where
these issues have been corrected.

Additionally, a couple of packages needed to be rebuilt for the new
ffmpeg version and are also being provided with this advisory.

Update:

A missing dependency was discovered which prevented the sox library
from installing properly. This updated advisory provides the missing
libwavpack1 and lib64wavpack1 packages.
Updated packages
MES5 i586
e5eb142288909af6edc2a4e8de5da929 mes5/i586/libwavpack1-4.50.1-1.1mdvmes5.2.i586.rpm
3c13b4549f16fc37a1f1a2c26eb4b0ca mes5/i586/libwavpack-devel-4.50.1-1.1mdvmes5.2.i586.rpm
a2b9c040c0716a2f857db06216a804bb mes5/i586/wavpack-4.50.1-1.1mdvmes5.2.i586.rpm
f918f7bee89f6b3683709dfe936208df mes5/SRPMS/wavpack-4.50.1-1.1mdvmes5.2.src.rpm
MES5 x86_64
fa81de9663db8946cd5b3e86a8696291 mes5/x86_64/lib64wavpack1-4.50.1-1.1mdvmes5.2.x86_64.rpm
b31e5c045f36791a2b2dea8b9a9052fb mes5/x86_64/lib64wavpack-devel-4.50.1-1.1mdvmes5.2.x86_64.rpm
35acbdb69bd2d53c1c425ae75273380d mes5/x86_64/wavpack-4.50.1-1.1mdvmes5.2.x86_64.rpm
f918f7bee89f6b3683709dfe936208df mes5/SRPMS/wavpack-4.50.1-1.1mdvmes5.2.src.rpm
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362
