SB2013112306 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg 




Published: November 23, 2013 Updated: October 12, 2021

Security Bulletin ID SB2013112306
Severity High
Patch available YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 43% Medium 43% Low 14%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2012-6615)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. Per http://cwe.mitre.org/data/definitions/476.html, "CWE-476: NULL Pointer Dereference". AC:M for notation of file in bug report: "ffmpeg crashes reproducibly when converting files with some subtitles. I've seen the crash with self-compiled ffmpeg 1.0 as well as the Mac OS X binary (linked to from the homepage) for 1.0.1."


2) Buffer overflow (CVE-ID: CVE-2012-6616)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.


3) Input validation error (CVE-ID: CVE-2012-6617)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.


4) Buffer overflow (CVE-ID: CVE-2012-6618)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."


5) Input validation error (CVE-ID: CVE-2013-0864)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.


6) Buffer overflow (CVE-ID: CVE-2013-0868)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."


7) Buffer overflow (CVE-ID: CVE-2013-0869)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.


Remediation

Install update from vendor's website.
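
To decide which hosts need the update, the sketch below maps the first line of `ffmpeg -version` output to the CVEs listed above. It is an added example, not part of the bulletin or of FFmpeg; the function names and sample banners are constructed, and it assumes a plain version comparison, so distribution packages with backported fixes still need a manual check.

```python
import re

# Fixed-in versions exactly as stated in this bulletin. CVE-2012-6615 is left
# out because the bulletin text gives no fixed version for it.
FIXED_IN = {
    (1, 0, 2): ["CVE-2012-6616", "CVE-2012-6617", "CVE-2012-6618"],
    (1, 1, 2): ["CVE-2013-0864", "CVE-2013-0868", "CVE-2013-0869"],
}

BANNER = re.compile(r"^ffmpeg version (\S+)", re.MULTILINE)
RELEASE = re.compile(r"^n?(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "ffmpeg version 1.0.1 Copyright (c) 2000-2012 the FFmpeg developers",
    "ffmpeg version 1.1.1 Copyright (c) 2000-2013 the FFmpeg developers",
    "ffmpeg version N-55702-g920046a Copyright (c) 2000-2013 the FFmpeg developers",
]


def parse_version(banner_text):
    """Return (major, minor, patch) from `ffmpeg -version` output, or None for
    builds that carry no release number (for example git snapshots)."""
    m = BANNER.search(banner_text)
    r = RELEASE.match(m.group(1)) if m else None
    if not r:
        return None
    return tuple(int(p) if p else 0 for p in r.groups())


def affected_cves(banner_text):
    """List the bulletin's CVEs whose fixed version is newer than the reported
    one. Returns None when the version cannot be determined, so callers do not
    mistake 'unknown' for 'not affected'."""
    version = parse_version(banner_text)
    if version is None:
        return None
    hits = []
    for fixed, cves in sorted(FIXED_IN.items()):
        if version < fixed:
            hits.extend(cves)
    return hits


if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner.split(" Copyright")[0], "->", affected_cves(banner))
```

A `None` result marks a snapshot or otherwise unnumbered build, which has to be checked against the vendor's source history rather than treated as patched.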