SB2012082009 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg
Published: August 20, 2012 Updated: October 12, 2021
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2012-0849)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.
2) Heap-based buffer overflow (CVE-ID: CVE-2012-0855)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1. A remote attacker can use unspecified vectors related to the curtileno variable to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2012-0854)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1, which does not use the proper pointer after an audio API change. A remote attacker can use unspecified vectors to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2012-0856)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled. A remote attacker can use a crafted H263 media file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2012-0857)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcodec in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.
6) Buffer overflow (CVE-ID: CVE-2012-0850)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.
7) Heap-based buffer overflow (CVE-ID: CVE-2012-0847)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1. A remote attacker can use a crafted media file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Input validation error (CVE-ID: CVE-2012-0859)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier.
Remediation
Install the update from the vendor's website.
References
- http://ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f99939a6361e2e6d6788494dd7c682b051c6c34
- http://www.ffmpeg.org/trac/ffmpeg/ticket/776
- http://www.openwall.com/lists/oss-security/2012/02/01/11
- http://www.openwall.com/lists/oss-security/2012/02/14/4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78935
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78929
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5
- http://ffmpeg.org/trac/ffmpeg/ticket/757
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=21270cffaeab2f67a613907516b2b0cd6c9eacf4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78927
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78934
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2
- http://www.ubuntu.com/usn/USN-1479-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78925