SB2013120907 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg
Published: December 9, 2013 Updated: August 10, 2020
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-3950)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.
2) Input validation error (CVE-ID: CVE-2011-3949)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
3) Resource management error (CVE-ID: CVE-2011-3946)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental Enhancement Information (SEI) data, which triggers an infinite loop.
4) Input validation error (CVE-ID: CVE-2011-3944)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
5) Buffer overflow (CVE-ID: CVE-2011-3941)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
6) Input validation error (CVE-ID: CVE-2011-3935)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
7) Resource management error (CVE-ID: CVE-2011-3934)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted VP3 data.
Remediation
Install update from vendor's website.
References
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813
- http://www.ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4
- http://www.debian.org/security/2014/dsa-2855
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=247d30a7dba6684ccce4508424f35fd58465e535