SB2011012301 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg
Published: January 23, 2011 Updated: October 12, 2021
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2010-4704)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.
2) Input validation error (CVE-ID: CVE-2010-4705)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Remediation
Install the update from the vendor's website.
References
- http://ffmpeg.mplayerhq.hu/
- http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078
- http://secunia.com/advisories/43323
- http://www.debian.org/security/2011/dsa-2165
- http://www.debian.org/security/2011/dsa-2306
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
- http://www.securityfocus.com/bid/46294
- http://www.ubuntu.com/usn/usn-1104-1/
- http://www.vupen.com/english/advisories/2011/1241
- https://roundup.ffmpeg.org/issue2322
- http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=366d919016a679d3955f6fe5278fa7ce4f47b81e