Bug#703200: libav: CVE-2013-0894 CVE-2013-2277 CVE-2013-2495 CVE-2013-2496
Michael Gilbert
mgilbert at debian.org
Sat Mar 16 20:09:28 UTC 2013
package: src:libav
severity: grave
version: 6:0.8.5-1
Hi, the following vulnerabilities were published for libav. These are
currently unfixed in 0.8.5-1.
CVE-2013-0894[0]:
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
| Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3,
| as used in Google Chrome before 25.0.1364.97 on Windows and Linux and
| before 25.0.1364.99 on Mac OS X and other products, allows remote
| attackers to cause a denial of service (divide-by-zero error or
| out-of-bounds array access) or possibly have unspecified other impact
| via vectors involving a zero value for a bark map size.
CVE-2013-2277[1]:
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in
| libavcodec in FFmpeg before 1.1.3 does not validate the relationship
| between luma depth and chroma depth, which allows remote attackers to
| cause a denial of service (out-of-bounds array access and application
| crash) or possibly have unspecified other impact via crafted H.264
| data.
CVE-2013-2495[2]:
| The iff_read_header function in iff.c in libavformat in FFmpeg through
| 1.1.3 does not properly handle data sizes for Interchange File Format
| (IFF) data during operations involving a CMAP chunk or a video codec,
| which allows remote attackers to cause a denial of service (integer
| overflow, out-of-bounds array access, and application crash) or
| possibly have unspecified other impact via a crafted header.
CVE-2013-2496[3]:
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in
| FFmpeg through 1.1.3 does not properly determine certain end pointers,
| which allows remote attackers to cause a denial of service
| (out-of-bounds array access and application crash) or possibly have
| unspecified other impact via crafted Microsoft RLE data.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894
http://security-tracker.debian.org/tracker/CVE-2013-0894
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277
http://security-tracker.debian.org/tracker/CVE-2013-2277
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495
http://security-tracker.debian.org/tracker/CVE-2013-2495
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2496
http://security-tracker.debian.org/tracker/CVE-2013-2496
More information about the pkg-multimedia-maintainers
mailing list