-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:075 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ffmpeg Date : May 15, 2012 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352). Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353). It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364). It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579). The updated packages have been upgraded to the 0.6.5 version where these issues has been corrected. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 76f5e3a4f91e96e5ba189d5b5841537c 2010.1/i586/ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm 8ef35b10c5424f0426a883ec4e45c955 2010.1/i586/libavformats52-0.6.5-0.1mdv2010.2.i586.rpm 9d6f71fbc09e19c8c4c585a7b68a7dbb 2010.1/i586/libavutil50-0.6.5-0.1mdv2010.2.i586.rpm e23906f8e8ba32a8d045a22dff998680 2010.1/i586/libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm 807975400e7e27acb302f65e963e7637 2010.1/i586/libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm 8966bf8167413bae2257ce348487f92c 2010.1/i586/libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm 5e74f9d11c703f2b0cfa478d56252631 2010.1/i586/libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm 6acd1b55535e3e198252efdbe35c3bb1 2010.1/i586/libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm d2fa2388afa05744216322c07e643db0 2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: e3c5a778ee768e51333705dc6174f778 2010.1/x86_64/ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm 962e01f7fa44c306ce9b20d91e6349b9 2010.1/x86_64/lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm ca6036a91e3dbdfd788c0f6e6bd909f5 2010.1/x86_64/lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm f20c014495e8956f94fe52544bf15fe1 2010.1/x86_64/lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm 66512d0d4a7b8b26dd91a49153dac0e8 2010.1/x86_64/lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm ee7bf41983b6a493e3ba2560db2b6d73 2010.1/x86_64/lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm ecb6241b62e646951400e0c018411ebe 2010.1/x86_64/lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm 02acf40f10ea8a52b57bff736b3e00bc 2010.1/x86_64/lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm d2fa2388afa05744216322c07e643db0 2010.1/SRPMS/ffmpeg-0.6.5-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPsh0zmqjQ0CJFipgRAmabAKDpqUzZOJcBEBkTzl0rt70Yytx/vwCcCQIM 2S7GGfBfUQVFXnqU49518hI= =eNIf -----END PGP SIGNATURE-----