SB2018122126 - Multiple vulnerabilities in FFmpeg
Published: December 21, 2018 Updated: June 8, 2025
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2015-6826)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
2) Input validation error (CVE-ID: CVE-2015-6825)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.
3) Input validation error (CVE-ID: CVE-2015-6824)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.
4) Input validation error (CVE-ID: CVE-2015-6823)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
5) Input validation error (CVE-ID: CVE-2015-6822)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
6) Input validation error (CVE-ID: CVE-2015-6821)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.
7) Buffer overflow (CVE-ID: CVE-2015-6820)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
8) Input validation error (CVE-ID: CVE-2015-6819)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
9) Input validation error (CVE-ID: CVE-2015-6818)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
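A structural pre-filter for the duplicate-IHDR condition in item 9, as an added example that is not FFmpeg's fix or code from this bulletin: it walks the PNG chunk list before a file reaches a decoder and rejects any stream with a second IHDR. It goes slightly beyond the item by also requiring, as the PNG format does, that IHDR is the first chunk and carries 13 data bytes; the names png_check_ihdr and build_sample and the result codes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { PNG_OK = 0, PNG_MALFORMED = -1, PNG_BAD_IHDR = -2 };
static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Accept only a stream whose first chunk is a 13-byte IHDR and that has no other
 * IHDR. Chunk layout: length(4, BE) type(4) data CRC(4); CRCs are not verified. */
int png_check_ihdr(const uint8_t *buf, size_t len) {
    size_t off = 8, nchunks = 0;
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return PNG_MALFORMED;
    while (off < len) {
        if (len - off < 12) return PNG_MALFORMED;        /* truncated chunk */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > len - off - 12) return PNG_MALFORMED; /* data overruns input */
        int is_ihdr = memcmp(type, "IHDR", 4) == 0;
        /* IHDR is valid only as chunk 0: elsewhere it is a duplicate or misplaced. */
        if (is_ihdr != (nchunks == 0) || (is_ihdr && clen != 13)) return PNG_BAD_IHDR;
        nchunks++;
        off += 12 + (size_t)clen;
        if (memcmp(type, "IEND", 4) == 0) break;
    }
    return nchunks ? PNG_OK : PNG_BAD_IHDR;
}

/* Constructed input: signature, n_ihdr IHDR chunks, IEND; payloads and CRCs zero. */
size_t build_sample(uint8_t *out, int n_ihdr) {
    size_t off = 8;
    memcpy(out, PNG_SIG, 8);
    for (int i = 0; i < n_ihdr; i++, off += 25) {
        memset(out + off, 0, 25);
        out[off + 3] = 13;
        memcpy(out + off + 4, "IHDR", 4);
    }
    memset(out + off, 0, 12);
    memcpy(out + off + 4, "IEND", 4);
    return off + 12;
}

int main(void) {
    uint8_t buf[128];
    if (png_check_ihdr(buf, build_sample(buf, 1)) != PNG_OK) return 1;
    return png_check_ihdr(buf, build_sample(buf, 2)) == PNG_BAD_IHDR ? 0 : 1;
}
```

A filter like this reduces exposure at an ingestion boundary but does not replace updating the decoder, since the other eight issues involve different codecs and code paths.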
Remediation
Install the update from the vendor's website.
References
- http://ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
- http://www.securitytracker.com/id/1033483
- http://www.ubuntu.com/usn/USN-2944-1
- https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
- https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f7068bf277a37479aecde2832208d820682b35e6
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=84afc6b70d24fc0bf686e43138c96cf60a9445fe
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91