SB2016031227 - Gentoo update for FFmpeg




Published: March 12, 2016 Updated: June 28, 2025

Security Bulletin ID: SB2016031227
Severity: High
Patch available: YES
Number of vulnerabilities: 59
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 25% Medium 75%

Description

This security bulletin contains information about 59 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2013-0860)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via crafted picture data.


2) Buffer overflow (CVE-ID: CVE-2013-0861)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.


3) Input validation error (CVE-ID: CVE-2013-0862)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.


4) Buffer overflow (CVE-ID: CVE-2013-0863)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.


5) Input validation error (CVE-ID: CVE-2013-0864)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.


6) Buffer overflow (CVE-ID: CVE-2013-0865)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.


7) Buffer overflow (CVE-ID: CVE-2013-0866)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.


8) Input validation error (CVE-ID: CVE-2013-0867)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.


9) Buffer overflow (CVE-ID: CVE-2013-0868)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."


10) Buffer overflow (CVE-ID: CVE-2013-0872)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.


11) Input validation error (CVE-ID: CVE-2013-0873)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."


12) Buffer overflow (CVE-ID: CVE-2013-0874)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.


13) Input validation error (CVE-ID: CVE-2013-0875)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.


14) Input validation error (CVE-ID: CVE-2013-0876)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.


15) Buffer overflow (CVE-ID: CVE-2013-0877)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.


16) Buffer overflow (CVE-ID: CVE-2013-0878)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.


17) Buffer overflow (CVE-ID: CVE-2013-4263)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.


18) Buffer overflow (CVE-ID: CVE-2013-4264)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.


19) NULL pointer dereference (CVE-ID: CVE-2013-4265)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libavutil/mem.c in FFmpeg before 2.0.1, which has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference (http://cwe.mitre.org/data/definitions/476). A remote attacker can perform a denial of service (DoS) attack.


20) Input validation error (CVE-ID: CVE-2013-7008)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.


21) Buffer overflow (CVE-ID: CVE-2013-7009)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.


22) Input validation error (CVE-ID: CVE-2013-7010)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.


23) Buffer overflow (CVE-ID: CVE-2013-7011)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.


24) Buffer overflow (CVE-ID: CVE-2013-7012)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.


25) Input validation error (CVE-ID: CVE-2013-7013)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.


26) Input validation error (CVE-ID: CVE-2013-7014)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.


27) Input validation error (CVE-ID: CVE-2013-7015)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.


28) Buffer overflow (CVE-ID: CVE-2013-7016)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.


29) Input validation error (CVE-ID: CVE-2013-7017)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.


30) Buffer overflow (CVE-ID: CVE-2013-7018)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.


31) Input validation error (CVE-ID: CVE-2013-7019)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.


32) Buffer overflow (CVE-ID: CVE-2013-7020)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.


33) Resource management error (CVE-ID: CVE-2013-7021)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.


34) Buffer overflow (CVE-ID: CVE-2013-7022)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.


35) Buffer overflow (CVE-ID: CVE-2013-7023)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.


36) Buffer overflow (CVE-ID: CVE-2013-7024)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.


37) Input validation error (CVE-ID: CVE-2014-2097)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.


38) Buffer overflow (CVE-ID: CVE-2014-2098)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.


39) Buffer overflow (CVE-ID: CVE-2014-2263)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.


40) Heap-based buffer overflow (CVE-ID: CVE-2014-5271)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error (a heap-based buffer overflow) in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5. A remote attacker can use unspecified vectors to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


41) Buffer overflow (CVE-ID: CVE-2014-5272)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.


42) Buffer overflow (CVE-ID: CVE-2014-7937)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.


43) Buffer overflow (CVE-ID: CVE-2014-8541)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.


44) Buffer overflow (CVE-ID: CVE-2014-8542)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.


45) Input validation error (CVE-ID: CVE-2014-8543)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.


46) Input validation error (CVE-ID: CVE-2014-8544)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.


47) Input validation error (CVE-ID: CVE-2014-8545)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.


48) Input validation error (CVE-ID: CVE-2014-8546)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.


49) Buffer overflow (CVE-ID: CVE-2014-8547)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.


50) Buffer overflow (CVE-ID: CVE-2014-8548)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.


51) Input validation error (CVE-ID: CVE-2014-8549)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.


52) Buffer overflow (CVE-ID: CVE-2014-9316)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.


53) Buffer overflow (CVE-ID: CVE-2014-9317)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.


54) Buffer overflow (CVE-ID: CVE-2014-9318)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.


55) Buffer overflow (CVE-ID: CVE-2014-9319)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.


56) Input validation error (CVE-ID: CVE-2014-9602)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.


57) Input validation error (CVE-ID: CVE-2014-9603)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.


58) Input validation error (CVE-ID: CVE-2014-9604)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.


59) Buffer overflow (CVE-ID: CVE-2015-3395)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.


Remediation

Install the update from the vendor's website.