what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2014-227

Mandriva Linux Security Advisory 2014-227
Posted Nov 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-227 - The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service via crafted American Laser Games MM Video data. The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service via crafted CD Graphics Video data. The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted FFV1 data. The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0848, CVE-2013-0852, CVE-2013-0860, CVE-2013-3672, CVE-2013-3674, CVE-2013-7020
SHA-256 | cf41dc584dc8f69da805e217d05ba3652ca3aa212448252fb3fd5fc8f26c4777

Mandriva Linux Security Advisory 2014-227

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:227
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ffmpeg
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in ffmpeg:

The decode_init function in libavcodec/huffyuv.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via a
crafted width in huffyuv data with the predictor set to median and
the colorspace set to YUV422P, which triggers an out-of-bounds array
access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact
via crafted RLE data, which triggers an out-of-bounds array access
(CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg
before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a
frame is fully initialized, which allows remote attackers to trigger
a NULL pointer dereference via crafted picture data (CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
before 1.2.1 does not validate the relationship between a horizontal
coordinate and a width value, which allows remote attackers to cause
a denial of service (out-of-bounds array access and application crash)
via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
before 1.2.1 does not validate the presence of non-header data in a
buffer, which allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) via crafted CD
Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before
2.1 does not properly enforce certain bit-count and colorspace
constraints, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact
via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7020
https://www.ffmpeg.org/security.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
e31c4a13bea24bab16d1cb1dda38b58e mbs1/x86_64/ffmpeg-0.10.15-1.mbs1.x86_64.rpm
eaa771f3b8321de63ebc2aa22a034172 mbs1/x86_64/lib64avcodec53-0.10.15-1.mbs1.x86_64.rpm
13c0a6ba4b3350964c7df3cb7e5728ee mbs1/x86_64/lib64avfilter2-0.10.15-1.mbs1.x86_64.rpm
b50f091e8ebae65efe3254bdc3e46a49 mbs1/x86_64/lib64avformat53-0.10.15-1.mbs1.x86_64.rpm
86bda7e063bba85bce52932a4b4e8fed mbs1/x86_64/lib64avutil51-0.10.15-1.mbs1.x86_64.rpm
d14c1a61c6ace365d538a5c0affd96c2 mbs1/x86_64/lib64ffmpeg-devel-0.10.15-1.mbs1.x86_64.rpm
8be64ec85e727546b59f53fa30e5ceb1 mbs1/x86_64/lib64ffmpeg-static-devel-0.10.15-1.mbs1.x86_64.rpm
10e0dd8821e3e27e6c1fe4fab90f3f5c mbs1/x86_64/lib64postproc52-0.10.15-1.mbs1.x86_64.rpm
d2c54752d48a8abcd0a80a67d5be23be mbs1/x86_64/lib64swresample0-0.10.15-1.mbs1.x86_64.rpm
8d376b95efd9b83ec21b9f3dbdb73472 mbs1/x86_64/lib64swscaler2-0.10.15-1.mbs1.x86_64.rpm
279c214034c9a2e45a55ed06226c1db9 mbs1/SRPMS/ffmpeg-0.10.15-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdHCWmqjQ0CJFipgRAgaqAJ9gIculetYedcG09QH7L+M9Bnl5wgCeK2cW
W4+U8mQPMn2YI2LJvB0bh3I=
=z7T1
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close