MDVSA-2012:074

Package name

ffmpeg

Date

2012-05-14

Advisory ID

MDVSA-2012:074

Affected versions

MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate
memory, which allows remote attackers to execute arbitrary code via
a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause
a denial of service (incorrect write operation and application
crash) via an invalid bitstream in a Chinese AVS video (aka CAVS)
file, related to the decode_residual_block, check_for_slice,
and cavs_decode_frame functions, a different vulnerability than
CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a
denial of service (incorrect write operation and application crash)
via an invalid bitstream in a Chinese AVS video (aka CAVS) file,
a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

FFmpeg does not properly implement the MKV and Vorbis media
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited
to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function
(libavcodec/vp3.c) can be exploited to cause a buffer overflow
(CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()",
and the "vp6_parse_coeff()" functions can be exploited to trigger
out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file,
an attacker could cause a denial of service via application crash,
or possibly execute arbitrary code with the privileges of the user
invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1
streams. If a user were tricked into opening a crafted SVQ1 stream
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.5.9 version where
these issues has been corrected.

Additionally a couple of packages needed to be rebuilt for the new
ffmpeg version and is also being provided with this advisory.

Updated packages

MES5 i586

 0fdb49826f72c882160194a2b69a5c87  mes5/i586/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm
 a9184e748cedd56e29a8e8f8320e8e7f  mes5/i586/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm
 a2cd850d45fc78fbfbaaa1b5f1f26cb3  mes5/i586/ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm
 934e1dc981e21c900b061d35ff4f07f8  mes5/i586/libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm
 35cf79d3b7d0bed70062490c234a3a96  mes5/i586/libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm
 463cc419b2884f4679b892178a3a337b  mes5/i586/libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm
 5a4fbe9f761a13d68dbd2a21eb16b792  mes5/i586/libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm
 26962af25fa57974623890fb3677fd7f  mes5/i586/libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm
 d763fdf58e3df9e1f983f9b3fca0b5dc  mes5/i586/libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm
 001f3283c3e5c4613b27eb2e0e16c67e  mes5/i586/libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm
 beab6d8b916aee5612dd19d911baeb28  mes5/i586/libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm
 aeebaae0004f02a4d93251449dcb4a32  mes5/i586/libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm
 f1316e064b6a1eee639db109e6d914cb  mes5/i586/libsox1-14.3.0-0.1mdvmes5.2.i586.rpm
 d3ada9d56563250589ae5ebf0965c9f0  mes5/i586/libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm
 1142b3b17f5111d1461bf903433d48fc  mes5/i586/libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm
 f8b48a8125687623eafc58ea85576138  mes5/i586/sox-14.3.0-0.1mdvmes5.2.i586.rpm 
 ebbc02efc1cecabcd1bc690c037f6661  mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
 234640efe0b95b9024908b7288b32e8b  mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
 15fc65b510c9db52c6a1a24eb8757543  mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm

MES5 x86_64

 9f84db2778fc1f811bada3de7b6d4bfa  mes5/x86_64/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm
 1d59606b054a936336eaccf54873d81d  mes5/x86_64/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm
 50b0809d47ff5a08a390732ab8e0a933  mes5/x86_64/ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm
 088e6dc595a71490d6d9f46e558a6726  mes5/x86_64/lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm
 37fda2dabd87de004441841b59d391b5  mes5/x86_64/lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm
 734ccbb72c0f4fd4202e1d2479b3b00c  mes5/x86_64/lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm
 6d2178f975d930a5824ef91020fc1cdb  mes5/x86_64/lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm
 ca395249e3f8c7d1f5e63ffe71302cc0  mes5/x86_64/lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm
 6d6fe319ed45c1699432b88032ebc3b1  mes5/x86_64/lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm
 e4ede05f09b5f59c0f672ec2aa5dc699  mes5/x86_64/lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
 96c86a1f1d85a5e30c319f4f16879a5c  mes5/x86_64/lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
 0887b3218482cac483f3d71c93172cad  mes5/x86_64/lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm
 32929df8af1400096cc801bdee36e6c9  mes5/x86_64/lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm
 22485b182e669a22f875d0103729a25c  mes5/x86_64/lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm
 4a9dfb1bae4462e53da91d4f3b055a70  mes5/x86_64/lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm
 de5b1e5a5160ac8df7c4727887b00ec6  mes5/x86_64/sox-14.3.0-0.1mdvmes5.2.x86_64.rpm 
 ebbc02efc1cecabcd1bc690c037f6661  mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm
 234640efe0b95b9024908b7288b32e8b  mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm
 15fc65b510c9db52c6a1a24eb8757543  mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362