SB2013120905 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg
Published: December 9, 2013 Updated: October 12, 2021
Description
This security bulletin contains information about 16 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2013-7021)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.
2) Buffer overflow (CVE-ID: CVE-2013-7022)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
3) Buffer overflow (CVE-ID: CVE-2013-7023)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
4) Buffer overflow (CVE-ID: CVE-2013-7024)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
5) Input validation error (CVE-ID: CVE-2013-7015)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
6) Buffer overflow (CVE-ID: CVE-2013-7016)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
7) Input validation error (CVE-ID: CVE-2013-7017)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.
8) Buffer overflow (CVE-ID: CVE-2013-7018)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
9) Input validation error (CVE-ID: CVE-2013-7019)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
10) Input validation error (CVE-ID: CVE-2013-7010)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
11) Buffer overflow (CVE-ID: CVE-2013-7011)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
12) Buffer overflow (CVE-ID: CVE-2013-7012)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
13) Input validation error (CVE-ID: CVE-2013-7013)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
14) Input validation error (CVE-ID: CVE-2013-7014)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.
15) Input validation error (CVE-ID: CVE-2013-7008)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
16) Buffer overflow (CVE-ID: CVE-2013-7009)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.
Remediation
Install the update from the vendor's website.
References
- http://ffmpeg.org/security.html
- http://openwall.com/lists/oss-security/2013/11/26/7
- http://openwall.com/lists/oss-security/2013/12/08/3
- https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
- https://security.gentoo.org/glsa/201603-06
- https://trac.ffmpeg.org/ticket/2905
- https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
- https://trac.ffmpeg.org/ticket/2971
- https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
- https://trac.ffmpeg.org/ticket/2982
- https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
- https://trac.ffmpeg.org/ticket/2921
- http://www.debian.org/security/2014/dsa-2855
- https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
- https://trac.ffmpeg.org/ticket/2844
- https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
- https://trac.ffmpeg.org/ticket/2848
- https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
- https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
- https://trac.ffmpeg.org/ticket/2895
- https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
- https://trac.ffmpeg.org/ticket/2898
- http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11
- https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
- https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
- https://trac.ffmpeg.org/ticket/2906
- https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
- https://trac.ffmpeg.org/ticket/3080
- https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
- https://trac.ffmpeg.org/ticket/2922
- https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
- https://trac.ffmpeg.org/ticket/2919
- https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
- https://trac.ffmpeg.org/ticket/2927
- https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
- https://trac.ffmpeg.org/ticket/2850