Package name
ffmpeg
Date
2011-04-01
Advisory ID
MDVSA-2011:060
Affected versions
2009.0 x86_64 , 2009.0 i586 , MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been identified and fixed in ffmpeg:

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
pointer arithmetic, which might allow remote attackers to obtain
sensitive memory contents and cause a denial of service via a crafted
file that triggers an out-of-bounds read. (CVE-2009-4632)

vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
comparison operator was intended, which might allow remote attackers
to cause a denial of service and possibly execute arbitrary code via
a crafted file that modifies a loop counter and triggers a heap-based
buffer overflow. (CVE-2009-4633)

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to
cause a denial of service and possibly execute arbitrary code via a
crafted file that (1) bypasses a validation check in vorbis_dec.c
and triggers a wraparound of the stack pointer, or (2) access a
pointer from out-of-bounds memory in mov.c, related to an elst tag
that appears before a tag that creates a stream. (CVE-2009-4634)

FFmpeg 0.5 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted MOV container with
improperly ordered tags that cause (1) mov.c and (2) utils.c to use
inconsistent codec types and identifiers, which causes the mp3 decoder
to process a pointer for a video structure, leading to a stack-based
buffer overflow. (CVE-2009-4635)

The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows
remote attackers to cause a denial of service (crash) via a crafted
AVI file that triggers a divide-by-zero error. (CVE-2009-4639)

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Vorbis file that triggers an out-of-bounds
read. (CVE-2009-4640)

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer
and other products, allows remote attackers to execute arbitrary code
via a crafted flic file, related to an arbitrary offset dereference
vulnerability. (CVE-2010-3429)

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1
and earlier allows remote attackers to cause a denial of service
(application crash) via a crafted .ogg file, related to the
vorbis_floor0_decode function. (CVE-2010-4704)

And several additional vulnerabilites originally discovered by Google
Chrome developers were also fixed with this advisory.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 03d2549605505e1c22ebb95d83b2657b  2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 b4e51f531b91947b68224adb0b7da78b  2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 304a2ba3024d20e6c61d499d9d77daa0  2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 f772b82b558dc0cb8ce7f643c23b1214  2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 d60e53babfdfced4c42e15e881c1de11  2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 e7b0f5257f4859d35c33d7d9cfaf601c  2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 a585acd8d62940593fca0aafc9b1dc96  2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm 
 c8cf3cef711e1a6d51bcb666030e1f42  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

2009.0 i586

 35b8598a8ba305854c81884350072070  2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 537c6ed300c14bd4c6dac8b9ea98349a  2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 847b11c0bb86959f9712cb2beced7648  2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 6bad47923019bdd3e17209956955919e  2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 c49eeeda4be62fdcc57b0b42eff2005b  2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 c06661882ab8613b23712898751856af  2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 a9ef39faaa7a3054c846471ed95510a1  2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm 
 c8cf3cef711e1a6d51bcb666030e1f42  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

MES5 i586

 3a36c497bde8a3e9fd34f0cd029d0392  mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 3f06c90d4ec2332f295a6b947dd57ab5  mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 d9aab1dbf20a5e14c824ee003941763b  mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 5917203833e406e431fcf3cfba2fe7de  mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 d3ac8c102cf086501d4fd256155941ac  mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 b42248fb015e570a89923d1a60728ead  mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 48ce261f950e4730ac76bebf65c4acc7  mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm 
 b332f476834cc59ea192f36bf9f1521c  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm

MES5 x86_64

 897a2646af3535baeb15ec92bd912443  mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 c270cb8f505340f3b23c6e862b6a61ae  mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 3bcc81db2dce4cfe4e62f8828d710ef2  mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 556dccfb35d1b7ae34e3a98ff50392f9  mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 ca12abb36b5abd916f3e94c19b02d10c  mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 63ea4c46741919fe690beb94e85cfd92  mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 d87ceee8d1befd22d04e3f4f78e5e52b  mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm 
 b332f476834cc59ea192f36bf9f1521c  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm

References