Univention Bugzilla – Bug 49547
ffmpeg: Multiple issues (4.3)
Last modified: 2019-05-29 13:51:31 CEST
New Debian ffmpeg 7:3.2.14-1~deb9u1 fixes: This update addresses the following issues: * The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. (CVE-2018-15822) * FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. (CVE-2018-1999011) * denial of service in subtitle decoder allows attackers to hog CPU via crafted video file (CVE-2019-9718) * libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. (CVE-2019-11338)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/ffmpeg_3.2.12-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/ffmpeg_3.2.14-1~deb9u1.dsc @@ -1,3 +1,13 @@ +7:3.2.14-1~deb9u1 [Wed, 22 May 2019 00:04:41 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * New upstream release(s). + - avcodec/htmlsubtitles: Fixes denial of service due to use + of sscanf in inner loop for handling braces (CVE-2019-9718) + - avcodec/hevcdec: Avoid only partly skiping duplicate first slices + (CVE-2019-11338) + - avformat/asfdec_o: Check size_bmp more fully (CVE-2018-1999011) + - avformat/flvenc: Check audio packet size (CVE-2018-15822) + 7:3.2.12-1~deb9u1 [Sat, 28 Jul 2018 16:27:42 +0800] James Cowgill <jcowgill@debian.org>: * New upstream release. <http://10.200.17.11/4.3-4/#397840453870570022>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 7b27487e44 Bug #49547: ffmpeg 7:3.2.14-1~deb9u1 doc/errata/staging/ffmpeg.yaml | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) [4.3-4] ec0e014f77 Bug #49547: ffmpeg 7:3.2.14-1~deb9u1 doc/errata/staging/ffmpeg.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
<http://errata.software-univention.de/ucs/4.3/508.html>