Date: Mon, 05 Dec 2011 08:58:14 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: kseifried@...hat.com
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request: ffmpeg

On Sun, 2011-12-04 at 11:36 -0700, Kurt Seifried wrote:
> On 12/04/2011 04:06 AM, Marc Deslauriers wrote:
> > This doesn't seem to have a CVE:
> >
> > An error within the "svq1_decode_frame()" function
> > (libavcodec/svq1dec.c) can be exploited to corrupt memory.
> >
> > http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
> >
> > http://secunia.com/advisories/46888/
> > http://archives.neohapsis.com/archives/bugtraq/2011-11/0148.html
> >
> The Secunia page lists 3 CVEs and 4 issues with no mappings of CVEs to
> issues that I can see. Can you reply with the mapping information that
> you used to determine that this issue was not assigned a CVE (as opposed
> to one of the other issues)? Also, can you confirm or prove that these
> 4 issues are all separate and that two of them have not been merged
> (thus obviating any need for a third CVE)? Thanks in advance. If anyone
> from Secunia is on this list I'd love to hear from you; any comments on
> this issue are more than welcome.
> 

Sure!

The 3 other issues got CVEs assigned here:

http://marc.info/?l=oss-security&m=132205107221272&w=2

CVE-2011-4351 - An error within the QDM2 decoder (libavcodec/qdm2.c) can
be exploited to cause a buffer overflow.

Seems to be the following commits in libavcodec/qdm2.c (at least the
last one, the others seem to be a bit older):
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=491eaf35ae1f9b619441314bec33766e31580184
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=291d74a46d32183653db07818c7b3407fd50a288
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7d49f79f1cd47783a963a757a6563b9cac29db62
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14db3af4f26dad8e6ddf2147e96ccc710952ad4d
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=895d258e9ba065d035dd30dbc622423031f0185c

Last commit says this fixes NGS00144

CVE-2011-4352 - An integer overflow error within the "vp3_dequant()"
function (libavcodec/vp3.c) can be exploited to cause a buffer overflow.

Seems to be the following commit in libavcodec/vp3.c:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5

Commit says this fixes NGS00145

CVE-2011-4353 - Errors within the "av_image_fill_pointers()", the
"vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be
exploited to trigger out-of-bounds reads.

Seems to be the following commits in libavutil/imgutils.c,
libavcodec/vp5.c, libavcodec/vp6.c:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c693aa6f71b4f539cf9df67ba42f4b1932981687
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06


So, the fourth issue, which is fixed by the following commit that
matches the description doesn't seem to have a CVE number, and doesn't
seem to be related to the others:

"An error within the "svq1_decode_frame()" function
(libavcodec/svq1dec.c) can be exploited to corrupt memory."

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2

Commit says it fixes NGS00148.

Marc.

