Bug#773626: libav: multiple security issues

Sebastian Ramacher sramacher at debian.org
Sat Jan 17 19:56:02 UTC 2015 

Control: clone -1 -2
Control: retitle -2 libav: CVE-2014-{8544,8546,9316,9318,9319}
Control: tags -1 + fixed-upstream pending

On 2014-12-20 23:31:11, Michael Gilbert wrote:
> CVE-2014-8544[4]:
> | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
> | bits-per-pixel fields, which allows remote attackers to cause a denial
> | of service (out-of-bounds access) or possibly have unspecified other
> | impact via crafted TIFF data.

> CVE-2014-8546[6]:
> | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
> | allows remote attackers to cause a denial of service (out-of-bounds
> | access) or possibly have unspecified other impact via crafted Cinepak
> | video data.

> CVE-2014-9316[10]:
> | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds heap
> | access) and possibly have other unspecified impact via vectors related
> | to LJIF tags in an MJPEG file.

> CVE-2014-9318[11]:
> | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
> | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
> | cause a denial of service (out-of-bounds heap access) and possibly
> | have other unspecified impact via a crafted .cine file that triggers
> | the avpicture_get_size function to return a negative frame size.

> CVE-2014-9319[12]:
> | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds access)
> | via a crafted .bit file.

> [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
> [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
> [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
> [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
> [12] https://security-tracker.debian.org/tracker/CVE-2014-9319

I'm cloning this bug report to keep track of the unfixed CVEs.

Cheers
-- 
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150117/7d59a9ff/attachment.sig>

More information about the pkg-multimedia-maintainers mailing list