Bug#775593: Bug#773626: libav: multiple security issues

Sebastian Ramacher sramacher at debian.org
Sat Mar 14 20:18:52 UTC 2015


Version: 11.3-1

On 2015-01-17 20:56:02, Sebastian Ramacher wrote:
> Control: clone -1 -2
> Control: retitle -2 libav: CVE-2014-{8544,8546,9316,9318,9319}
> Control: tags -1 + fixed-upstream pending
> 
> On 2014-12-20 23:31:11, Michael Gilbert wrote:
> > CVE-2014-8544[4]:
> > | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
> > | bits-per-pixel fields, which allows remote attackers to cause a denial
> > | of service (out-of-bounds access) or possibly have unspecified other
> > | impact via crafted TIFF data.
> 
> > CVE-2014-8546[6]:
> > | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
> > | allows remote attackers to cause a denial of service (out-of-bounds
> > | access) or possibly have unspecified other impact via crafted Cinepak
> > | video data.
> 
> > CVE-2014-9316[10]:
> > | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
> > | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> > | remote attackers to cause a denial of service (out-of-bounds heap
> > | access) and possibly have other unspecified impact via vectors related
> > | to LJIF tags in an MJPEG file.
> 
> > CVE-2014-9318[11]:
> > | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
> > | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
> > | cause a denial of service (out-of-bounds heap access) and possibly
> > | have other unspecified impact via a crafted .cine file that triggers
> > | the avpicture_get_size function to return a negative frame size.
> 
> > CVE-2014-9319[12]:
> > | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
> > | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> > | remote attackers to cause a denial of service (out-of-bounds access)
> > | via a crafted .bit file.
> 
> > [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
> > [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
> > [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
> > [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
> > [12] https://security-tracker.debian.org/tracker/CVE-2014-9319
> 
> I'm cloning this bug report to keep track of the unfixed CVEs.

CVE-2014-8544 has been fixed in 11.3-1; the others are marked as not affecting
libav.

Cheers
-- 
Sebastian Ramacher