Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read

[Kurt Seifried <kseifried () redhat com>]

On 11/23/2011 08:20 PM, Hanno Böck wrote:
> Am Wed, 23 Nov 2011 13:52:04 -0700
> schrieb Kurt Seifried <kseifried () redhat com>:
>
> > On 11/23/2011 05:23 AM, Hanno Böck wrote:
> > > New ffmpeg releases contain a couple of security fixes:
> > > http://secunia.com/advisories/46888/
> > >
> > > 1) An error within the QDM2 decoder (libavcodec/qdm2.c) can be
> > > exploited to cause a buffer overflow.

Please use CVE-2011-4351 for this issue
> > > 2) An integer overflow error within the "vp3_dequant()" function
> > > (libavcodec/vp3.c) can be exploited to cause a buffer overflow.
Please use CVE-2011-4352 for this issue.

> > > 3) Errors within the "av_image_fill_pointers()", the
> > > "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be
> > > exploited to trigger out-of-bounds reads.
Please use CVE-2011-4353 for this issue.

> > > Please assign CVEs.
> > >
> > >
> > > Maybe someone wants to have a look if other issues in those
> > > releases are security relevant:
> > > http://git.videolan.org/?p=ffmpeg.git&a=shortlog&h=n0.7.8
> > This would be the original advisory http://ffmpeg.org/#pr7dot8and8dot7
> > correct?
> It is the upstream confirmation - at least it's about the same bugs.


-- 

-Kurt Seifried / Red Hat Security Response Team