Univention Bugzilla – Bug 48598
libav: Multiple issues (4.2)
Last modified: 2019-02-06 12:56:03 CET
New Debian libav 6:11.12-1~deb8u5 fixes:

This update addresses the following issues:

* libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. (CVE-2014-8542)
* Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. (CVE-2015-1207)
* FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. (CVE-2017-7863)
* FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. (CVE-2017-7865)
* In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. (CVE-2017-14169)
* In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. (CVE-2017-14223)
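The signedness error described for CVE-2017-14169 above, shown as an added example that is not part of the original report and is not FFmpeg or libav code. The function names, the 4-byte sample inputs and the 65536 limit are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ITEMS 65536 /* assumed upper bound for this sketch */

/* Constructed sample inputs: a claimed count of 0xffffffff and a sane one. */
static const unsigned char claimed_huge[4] = {0xff, 0xff, 0xff, 0xff};
static const unsigned char claimed_sane[4] = {0x00, 0x00, 0x00, 0x10};

/* Read a big-endian 32-bit field, as a container parser would. */
static uint32_t rb32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* "Before": the count lands in a signed variable and only the upper
 * bound is tested. 0xffffffff becomes -1 on two's-complement targets,
 * and -1 > MAX_ITEMS is false, so the value is accepted (returns 1). */
int accepts_before(const unsigned char *field)
{
    int32_t item_num = (int32_t)rb32(field);
    return !(item_num > MAX_ITEMS);
}

/* "After": the changelog's approach, also catching a negative count. */
int accepts_after(const unsigned char *field)
{
    int32_t item_num = (int32_t)rb32(field);
    return !(item_num > MAX_ITEMS || item_num < 0);
}

/* Alternative: keep the count unsigned so one comparison covers both. */
int accepts_unsigned(const unsigned char *field)
{
    return rb32(field) <= MAX_ITEMS;
}

int main(void)
{
    printf("0xffffffff: before=%d after=%d unsigned=%d\n",
           accepts_before(claimed_huge), accepts_after(claimed_huge),
           accepts_unsigned(claimed_huge));
    printf("0x00000010: before=%d after=%d unsigned=%d\n",
           accepts_before(claimed_sane), accepts_after(claimed_sane),
           accepts_unsigned(claimed_sane));
    return 0;
}
```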
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/libav_11.12-1~deb8u4.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libav_11.12-1~deb8u5.dsc @@ -1,3 +1,16 @@ +6:11.12-1~deb8u5 [Mon, 21 Jan 2019 15:30:50 +0100] Mike Gabriel <sunweaver@debian.org>: + + * Non-maintainer upload by the LTS team.. + * CVE-2015-1207: avformat/mov: Fix integer overflow in + mov_read_udta_string(). + * CVE-2017-14169: In mxf_read_primer_pack() function, catch item_num + being negative, to avoid bypassing the check for a large value. + * CVE-2017-14223: avformat/asfdec: Fix DoS in asf_build_simple_index(). + Fix missing EOF check in loop. + * CVE-2017-7863: Bail out if trns was found before IHDR or IDAT in PNG data. + * CVE-2014-8542: Add case for jv to avcodec_align_dimensions2(). + * CVE-2017-7865: Add case for interplay_video to avcodec_align_dimensions2(). + 6:11.12-1~deb8u4 [Mon, 07 Jan 2019 19:45:12 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://10.200.17.11/4.2-5/#7653744052416497952>
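Review bot: The added changelog line for CVE-2015-1207 says "Fix integer overflow in mov_read_udta_string()", while the issue text for the same CVE on this bug describes a double-free in libavformat/mov.c; the entry should say how the overflow fix relates to the double-free, or the erratum text should be reworded so the two agree. The first added bullet also ends in a double period ("LTS team..") where the existing deb8u4 entry has a single one.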
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] cf0a31d1ad Bug #48598: libav 6:11.12-1~deb8u5
 doc/errata/staging/libav.yaml | 46 +++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

[4.2-5] 65a7f18c79 Bug #48598: libav 6:11.12-1~deb8u5
 doc/errata/staging/libav.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
<http://errata.software-univention.de/ucs/4.2/592.html>