SB2013112310 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg
Published: November 23, 2013 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2013-0863)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
2) Buffer overflow (CVE-ID: CVE-2013-0865)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.
3) Buffer overflow (CVE-ID: CVE-2013-0866)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.
4) Buffer overflow (CVE-ID: CVE-2013-0872)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.
5) Input validation error (CVE-ID: CVE-2013-0873)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."
6) Buffer overflow (CVE-ID: CVE-2013-0874)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
7) Input validation error (CVE-ID: CVE-2013-0875)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.
8) Input validation error (CVE-ID: CVE-2013-0876)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.
9) Buffer overflow (CVE-ID: CVE-2013-0877)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
10) Buffer overflow (CVE-ID: CVE-2013-0878)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.
Remediation
Install update from vendor's website.
References
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=62c9beda0c189db5cb61fa772057e3af9521f293
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=89e16e675d3cbe76cf4581f98bf4ac300cab0286
- http://www.ffmpeg.org/security.html
- https://security.gentoo.org/glsa/201603-06
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=08e2c7a45f82b897a285548c257972eb1ad352c5
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f3d16706060ab6ae6dc78f15359fab3fd87c9495
- http://www.debian.org/security/2014/dsa-2855
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47e462eecc0a47ad40f59376199f93f227e21d13
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c459c7b23efffab762560e41ad6a2c0dbbfd4915
- http://www.debian.org/security/2013/dsa-2793
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21cd905cd44a4bbafe8631bbaa6021d328413ce5
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f5955d9f6f9ffdb81864c3de1c7b801782a55725