SB2017120407 - Multiple vulnerabilities in Libav

Security Bulletin ID SB2017120407

CSH Severity

High

Patch available

NO

Number of vulnerabilities 10

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2017-18245)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The mpc8_probe function in libavformat/mpc8.c in Libav 12.2. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted audio file.

2) Out-of-bounds read (CVE-ID: CVE-2017-18246)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted media file.

3) NULL pointer dereference (CVE-ID: CVE-2017-18247)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted media file.

4) Out-of-bounds read (CVE-ID: CVE-2017-18242)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.

5) Buffer overflow (CVE-ID: CVE-2017-18243)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.

6) Out-of-bounds read (CVE-ID: CVE-2017-18244)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.

7) NULL pointer dereference (CVE-ID: CVE-2017-17127)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.

8) Buffer overflow (CVE-ID: CVE-2017-17128)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.

9) NULL pointer dereference (CVE-ID: CVE-2017-17129)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

10) Heap-based buffer overflow (CVE-ID: CVE-2017-17130)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2. A remote attacker can use a crafted file to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

SB2017120407 - Multiple vulnerabilities in Libav

Breakdown by Severity

Description

Remediation

References

Please verify you're human