Bug#775593: Bug#773626: libav: multiple security issues

Bálint Réczey balint at balintreczey.hu
Mon Jan 19 13:42:48 UTC 2015


2015-01-18 20:41 GMT+01:00 Reinhard Tartler <siretart at gmail.com>:
> Control: severity -1 important
>
> On Sat, Jan 17, 2015 at 2:56 PM, Sebastian Ramacher
> <sramacher at debian.org> wrote:
>> On 2014-12-20 23:31:11, Michael Gilbert wrote:
>>> CVE-2014-8544[4]:
>>> | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
>>> | bits-per-pixel fields, which allows remote attackers to cause a denial
>>> | of service (out-of-bounds access) or possibly have unspecified other
>>> | impact via crafted TIFF data.
>>
>>> CVE-2014-8546[6]:
>>> | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
>>> | allows remote attackers to cause a denial of service (out-of-bounds
>>> | access) or possibly have unspecified other impact via crafted Cinepak
>>> | video data.
>>
>>> CVE-2014-9316[10]:
>>> | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
>>> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
>>> | remote attackers to cause a denial of service (out-of-bounds heap
>>> | access) and possibly have other unspecified impact via vectors related
>>> | to LJIF tags in an MJPEG file.
>>
>>> CVE-2014-9318[11]:
>>> | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
>>> | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
>>> | cause a denial of service (out-of-bounds heap access) and possibly
>>> | have other unspecified impact via a crafted .cine file that triggers
>>> | the avpicture_get_size function to return a negative frame size.
>>
>>> CVE-2014-9319[12]:
>>> | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
>>> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
>>> | remote attackers to cause a denial of service (out-of-bounds access)
>>> | via a crafted .bit file.
>>
>>> [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
>>> [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
>>> [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
>>> [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
>>> [12] https://security-tracker.debian.org/tracker/CVE-2014-9319
>>
>> I'm cloning this bug report to keep track of the unfixed CVEs.
>
> It seems to me that none of the above five entries has either
> publicly accessible samples or any public discussion on either
> oss-sec or fulldisc. It remains unclear whether or not they affect
> libav at all.
>
> While I agree that these issues should be investigated in more detail,
> the lack of instructions on how to confirm and reproduce the issue makes
> working on this bug unreasonably hard. I'm therefore downgrading the
> severity of this issue to the non-RC severity "important"; this bug
> does not seem release critical to me at all.

Probably asking FFmpeg upstream would help; maybe Libav upstream has
also been notified about the details.

Cheers,
Balint


