Bug#773626: libav: multiple security issues
Michael Gilbert
mgilbert at debian.org
Sun Dec 21 04:31:11 UTC 2014
package: src:libav
version: 6:0.8.16-1
severity: serious
tags: security
Hi,
the following vulnerabilities were published for libav.
CVE-2014-8541[0]:
| libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
| differences, and not bits-per-pixel differences, when determining
| whether an image size has changed, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted MJPEG data.
CVE-2014-8542[1]:
| libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID
| during enforcement of alignment, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted JV data.
CVE-2014-8543[2]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8543[3]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8544[4]:
| libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
| bits-per-pixel fields, which allows remote attackers to cause a denial
| of service (out-of-bounds access) or possibly have unspecified other
| impact via crafted TIFF data.
CVE-2014-8545[5]:
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the
| monochrome-black format without verifying that the bits-per-pixel
| value is 1, which allows remote attackers to cause a denial of service
| (out-of-bounds access) or possibly have unspecified other impact via
| crafted PNG data.
CVE-2014-8546[6]:
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted Cinepak
| video data.
CVE-2014-8547[7]:
| libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute
| image heights, which allows remote attackers to cause a denial of
| service (out-of-bounds access) or possibly have unspecified other
| impact via crafted GIF data.
CVE-2014-8548[8]:
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| or possibly have unspecified other impact via crafted Quicktime
| Graphics (aka SMC) video data.
CVE-2014-8549[9]:
| libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the
| number of channels to at most 2, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted On2 data.
CVE-2014-9316[10]:
| The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds heap
| access) and possibly have other unspecified impact via vectors related
| to LJIF tags in an MJPEG file.
CVE-2014-9318[11]:
| The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
| 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
| cause a denial of service (out-of-bounds heap access) and possibly
| have other unspecified impact via a crafted .cine file that triggers
| the avpicture_get_size function to return a negative frame size.
CVE-2014-9319[12]:
| The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| via a crafted .bit file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8541
[1] https://security-tracker.debian.org/tracker/CVE-2014-8542
[2] https://security-tracker.debian.org/tracker/CVE-2014-8543
[3] https://security-tracker.debian.org/tracker/CVE-2014-8543
[4] https://security-tracker.debian.org/tracker/CVE-2014-8544
[5] https://security-tracker.debian.org/tracker/CVE-2014-8545
[6] https://security-tracker.debian.org/tracker/CVE-2014-8546
[7] https://security-tracker.debian.org/tracker/CVE-2014-8547
[8] https://security-tracker.debian.org/tracker/CVE-2014-8548
[9] https://security-tracker.debian.org/tracker/CVE-2014-8549
[10] https://security-tracker.debian.org/tracker/CVE-2014-9316
[11] https://security-tracker.debian.org/tracker/CVE-2014-9318
[12] https://security-tracker.debian.org/tracker/CVE-2014-9319
Please adjust the affected versions in the BTS as needed.
More information about the pkg-multimedia-maintainers
mailing list