Bug 49547 - ffmpeg: Multiple issues (4.3)
ffmpeg: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-4-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-24 12:09 CEST by Quality Assurance
Modified: 2019-05-29 13:51 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Debian NVD RedHat


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2019-05-24 12:09:30 CEST
New Debian ffmpeg 7:3.2.14-1~deb9u1 fixes:
This update addresses the following issues:
* The flv_write_packet function in libavformat/flvenc.c in FFmpeg through  4.0.2 does not check for an empty audio packet, leading to an assertion  failure. (CVE-2018-15822)
* FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a  Buffer Overflow vulnerability in asf_o format demuxer that can result in  heap-buffer-overflow that may result in remote code execution. This attack  appears to be exploitable via specially crafted ASF file that has to be  provided as input to FFmpeg. This vulnerability appears to have been fixed  in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. (CVE-2018-1999011)
* denial of service in subtitle decoder allows attackers to hog CPU via  crafted video file (CVE-2019-9718)
* libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate  first slices, which allows remote attackers to cause a denial of service  (NULL pointer dereference and out-of-array access) or possibly have  unspecified other impact via crafted HEVC data. (CVE-2019-11338)
Comment 1 Quality Assurance univentionstaff 2019-05-24 13:12:15 CEST
--- mirror/ftp/4.3/unmaintained/4.3-2/source/ffmpeg_3.2.12-1~deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/ffmpeg_3.2.14-1~deb9u1.dsc
@@ -1,3 +1,13 @@
+7:3.2.14-1~deb9u1 [Wed, 22 May 2019 00:04:41 +0200] Moritz Mühlenhoff <jmm@debian.org>:
+
+  * New upstream release(s).
+    - avcodec/htmlsubtitles: Fixes denial of service due to use
+      of sscanf in inner loop for handling braces (CVE-2019-9718)
+    - avcodec/hevcdec: Avoid only partly skiping duplicate first slices
+      (CVE-2019-11338)
+    - avformat/asfdec_o: Check size_bmp more fully (CVE-2018-1999011)
+    - avformat/flvenc: Check audio packet size (CVE-2018-15822)
+
 7:3.2.12-1~deb9u1 [Sat, 28 Jul 2018 16:27:42 +0800] James Cowgill <jcowgill@debian.org>:
 
   * New upstream release.

<http://10.200.17.11/4.3-4/#397840453870570022>
Comment 2 Philipp Hahn univentionstaff 2019-05-26 11:30:27 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] 7b27487e44 Bug #49547: ffmpeg 7:3.2.14-1~deb9u1
 doc/errata/staging/ffmpeg.yaml | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

[4.3-4] ec0e014f77 Bug #49547: ffmpeg 7:3.2.14-1~deb9u1
 doc/errata/staging/ffmpeg.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-05-29 13:51:31 CEST
<http://errata.software-univention.de/ucs/4.3/508.html>