oss-sec mailing list archives
Re: CVE Request: ffmpeg
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 06 Dec 2011 17:31:44 -0700
Sure! The 3 other issues got CVEs assigned here: http://marc.info/?l=oss-security&m=132205107221272&w=2 CVE-2011-4351 - An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow. Seems to be the following commits in libavcodec/qdm2.c (at least the last one, the others seem to be a bit older): http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=491eaf35ae1f9b619441314bec33766e31580184 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=291d74a46d32183653db07818c7b3407fd50a288 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7d49f79f1cd47783a963a757a6563b9cac29db62 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14db3af4f26dad8e6ddf2147e96ccc710952ad4d http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=895d258e9ba065d035dd30dbc622423031f0185c Last commit says this fixes NGS00144 CVE-2011-4352 - An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow. Seems to be the following commit in libavcodec/vp3.c: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5 Commit says this fixes NGS00145 CVE-2011-4353 - Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads. Seems to be the following commits in libavutil/imgutils.c, libavcodec/vp5.c, libavcodec/vp6.c: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c693aa6f71b4f539cf9df67ba42f4b1932981687 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06 So, the fourth issue, which is fixed by the following commit that matches the description doesn't seem to have a CVE number, and doesn't seem to be related to the others: "An error within the "svq1_decode_frame()" function (libavcodec/svq1dec.c) can be exploited to corrupt memory." http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2 Commit says it fixes NGS00148. Marc.
Thanks, context is king =). Please use CVE-2011-4579 for this new issue ( svq1_decode_frame() ) -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE Request: ffmpeg Marc Deslauriers (Dec 04)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 06)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)