SB2018051528 - Multiple vulnerabilities in Libav
Published: May 15, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-14441)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129.
2) Resource management error (CVE-ID: CVE-2019-14442)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.
3) Division by zero (CVE-ID: CVE-2019-14443)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within . A remote attacker can pass specially crafted data to the application and crash it.
4) Buffer overflow (CVE-ID: CVE-2018-11102)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
- https://bugzilla.libav.org/show_bug.cgi?id=1159
- https://lists.debian.org/debian-lts-announce/2019/09/msg00000.html
- https://bugzilla.libav.org/show_bug.cgi?id=1161#c1
- https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html
- https://bugzilla.libav.org/show_bug.cgi?id=1128
- https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit