Date: Sat, 8 Oct 2016 07:09:17 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502]
 [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]

CVE-2016-7562

ff_draw_pc_font in ffmpeg before 3.1.4 uses an incorrect font_height value, which allows remote attackers to cause an out-of-bounds array write fault in the ffmpeg service
when it uses 'ansi' to decode an AVI file which has a crafted 'strf' struct.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804



CVE-2016-7122

avi_read_nikon in ffmpeg before 3.1.4 is vulnerable to an infinite loop when it decodes an AVI file which has a crafted 'nctg' struct.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8




CVE-2016-7450

i2f in ffmpeg before 3.1.4 uses an incorrect re_signal value, which results in an out-of-bounds array read.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ac8ac46641adef208485baebc3734463bf0bd266




CVE-2016-7502

cavs_idct8_add_c in ffmpeg before 3.1.4 uses an incorrect block value, which results in an out-of-bounds array read.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9d738e6968757d4e70c8e07e0b720ac0004accc4




CVE-2016-7555

avi_read_header in ffmpeg before 3.1.4 is vulnerable to a memory leakage issue when it decodes an AVI file which has a crafted 'strh' struct.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8834e080c20d3d23c3ffe779371359f9b9b835ec


CVE-2016-7785

avi_read_seek in ffmpeg before 3.1.4 uses an incorrect scale value, which allows remote attackers to cause an assert fault of service via an AVI file which has a crafted 'strh' struct.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c8c5f66b42edc37474baa5cb51460cbf6f33075b




CVE-2016-7905

read_gab2_sub in ffmpeg before 3.1.4 is vulnerable to a null-pointer exception when it decodes an AVI file which has a crafted 'gab2' struct.

Fix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9


Reported by LianYihan of Qihoo 360 Gear Team.
