Bug#775593: Bug#773626: libav: multiple security issues

Reinhard Tartler siretart at gmail.com
Sun Jan 18 19:41:34 UTC 2015


Control: severity -1 important

On Sat, Jan 17, 2015 at 2:56 PM, Sebastian Ramacher
<sramacher at debian.org> wrote:
> On 2014-12-20 23:31:11, Michael Gilbert wrote:
>> CVE-2014-8544[4]:
>> | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
>> | bits-per-pixel fields, which allows remote attackers to cause a denial
>> | of service (out-of-bounds access) or possibly have unspecified other
>> | impact via crafted TIFF data.
>
>> CVE-2014-8546[6]:
>> | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
>> | allows remote attackers to cause a denial of service (out-of-bounds
>> | access) or possibly have unspecified other impact via crafted Cinepak
>> | video data.
>
>> CVE-2014-9316[10]:
>> | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
>> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
>> | remote attackers to cause a denial of service (out-of-bounds heap
>> | access) and possibly have other unspecified impact via vectors related
>> | to LJIF tags in an MJPEG file.
>
>> CVE-2014-9318[11]:
>> | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
>> | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
>> | cause a denial of service (out-of-bounds heap access) and possibly
>> | have other unspecified impact via a crafted .cine file that triggers
>> | the avpicture_get_size function to return a negative frame size.
>
>> CVE-2014-9319[12]:
>> | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
>> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
>> | remote attackers to cause a denial of service (out-of-bounds access)
>> | via a crafted .bit file.
>
>> [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
>> [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
>> [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
>> [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
>> [12] https://security-tracker.debian.org/tracker/CVE-2014-9319
>
> I'm cloning this bug report to keep track of the unfixed CVEs.

It seems to me that none of the above five entries have either
publicly accessible samples or any public discussion on either
oss-sec or fulldisc. It remains unclear whether or not they affect
libav at all.

While I agree that these issues should be investigated in more detail,
the lack of instructions on how to confirm and reproduce the issue makes
working on this bug unreasonably hard. I'm therefore downgrading the
severity of this issue to the non-RC severity "important"; this bug
does not seem release critical to me at all.

-- 
regards,
    Reinhard


