SB2020072828 - Gentoo update for FFmpeg 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020072828

SB2020072828 - Gentoo update for FFmpeg

Published: July 28, 2020

Security Bulletin ID SB2020072828
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 80% Medium 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2019-13312)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing media files in block_cmp() function in libavcodec/zmbvenc.c. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2019-15942)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.


3) Heap-based buffer overflow (CVE-ID: CVE-2020-12284)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "cbs_jpeg_split_fragment" in "libavcodec/cbs_jpeg.c" file during "JPEG_MARKER_SOS" handling. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Use-after-free (CVE-ID: CVE-2020-13904)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FFmpeg when processing a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. A remote attacker can trick the victim to open a specially crafted media file or playlist, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


5) Heap-based buffer overflow (CVE-ID: CVE-2020-14212)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References