oss-sec mailing list archives
Re: CVE Request: ffmpeg
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Mon, 05 Dec 2011 08:58:14 -0500
On Sun, 2011-12-04 at 11:36 -0700, Kurt Seifried wrote:
> On 12/04/2011 04:06 AM, Marc Deslauriers wrote:
>> This doesn't seem to have a CVE:
>>
>> An error within the "svq1_decode_frame()" function (libavcodec/svq1dec.c) can be exploited to corrupt memory.
>>
>> http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
>> http://secunia.com/advisories/46888/
>> http://archives.neohapsis.com/archives/bugtraq/2011-11/0148.html
>
> The Secunia page lists 3 CVEs and 4 issues with no mappings to CVEs to issues that I can see. Can you reply with the mapping information that you used to determine that this issue was not assigned a CVE (as opposed to one of the other issues)? Also can you confirm or prove that these 4 issues are all separate and that two of them have not been merged (thus obviating any need for a third CVE)? Thanks in advance.
>
> If anyone from Secunia is on this list I'd love to hear from you/any comments on this issue are more than welcome.

Sure! The 3 other issues got CVEs assigned here:

http://marc.info/?l=oss-security&m=132205107221272&w=2

CVE-2011-4351 - An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow.

Seems to be the following commits in libavcodec/qdm2.c (at least the last one, the others seem to be a bit older):

http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=491eaf35ae1f9b619441314bec33766e31580184
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=291d74a46d32183653db07818c7b3407fd50a288
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7d49f79f1cd47783a963a757a6563b9cac29db62
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14db3af4f26dad8e6ddf2147e96ccc710952ad4d
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=895d258e9ba065d035dd30dbc622423031f0185c

Last commit says this fixes NGS00144

CVE-2011-4352 - An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow.

Seems to be the following commit in libavcodec/vp3.c:

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5

Commit says this fixes NGS00145

CVE-2011-4353 - Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads.

Seems to be the following commits in libavutil/imgutils.c, libavcodec/vp5.c, libavcodec/vp6.c:

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c693aa6f71b4f539cf9df67ba42f4b1932981687
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06

So, the fourth issue, which is fixed by the following commit that matches the description doesn't seem to have a CVE number, and doesn't seem to be related to the others:

"An error within the "svq1_decode_frame()" function (libavcodec/svq1dec.c) can be exploited to corrupt memory."

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2

Commit says it fixes NGS00148.

Marc.