Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:227)

high Nessus Plugin ID 79573

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been discovered and corrected in ffmpeg :

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access (CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data (CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.

Solution

Update the affected packages.

See Also

https://www.ffmpeg.org/security.html

Plugin Details

Severity: High

ID: 79573

File Name: mandriva_MDVSA-2014-227.nasl

Version: 1.4

Type: local

Published: 11/26/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ffmpeg, p-cpe:/a:mandriva:linux:lib64avcodec53, p-cpe:/a:mandriva:linux:lib64avfilter2, p-cpe:/a:mandriva:linux:lib64avformat53, p-cpe:/a:mandriva:linux:lib64avutil51, p-cpe:/a:mandriva:linux:lib64ffmpeg-devel, p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel, p-cpe:/a:mandriva:linux:lib64postproc52, p-cpe:/a:mandriva:linux:lib64swresample0, p-cpe:/a:mandriva:linux:lib64swscaler2, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/25/2014

Reference Information

CVE: CVE-2013-0848, CVE-2013-0852, CVE-2013-0860, CVE-2013-3672, CVE-2013-3674, CVE-2013-7020

BID: 63936, 60492, 63796, 63941

MDVSA: 2014:227