SB2018110108 - Denial of service vulnerabilities in Libav
Published: November 1, 2018 Updated: July 28, 2019
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2018-18827)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to a heap-based buffer overflow in the ff_vc1_pred_dc function in vc1_block.c. A remote attacker can trick the victim into opening a specially crafted aac file, trigger memory corruption and cause the service to crash.
2) Heap-based buffer overflow (CVE-ID: CVE-2018-18826)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to a heap-based buffer overflow in the vc1_decode_p_mb_intfi function in vc1_block.c. A remote attacker can trick the victim into opening a specially crafted aac file, trigger memory corruption and cause the service to crash.
3) Infinite loop (CVE-ID: CVE-2019-14372)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the wv_read_block_header() function in the file wvdec.c. A remote attacker can consume all available system resources and trigger a denial of service condition.
4) Infinite loop (CVE-ID: CVE-2019-14371)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the mov_probe function in the file libavformat/mov.c, related to offset and tag. A remote attacker can consume all available system resources and trigger a denial of service condition.
5) NULL pointer dereference (CVE-ID: CVE-2018-18829)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial of service through a crafted aac file. A remote attacker can perform a denial of service (DoS) attack.
6) Heap-based buffer overflow (CVE-ID: CVE-2018-18828)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the vc1_decode_i_block_adv() function in vc1_block. A remote attacker can use a crafted aac file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Out-of-bounds read (CVE-ID: CVE-2018-19130)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the vc1_decode_frame() function in libavcodec/vc1dec.c. A remote attacker can create a specially crafted aac file, trigger an out-of-bounds read error and crash the affected application.
8) NULL pointer dereference (CVE-ID: CVE-2018-19129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ff_mpa_synth_filter_float() function in libavcodec/mpegaudiodsp_template.c. A remote attacker can trigger denial of service conditions via a crafted mov file.
9) Out-of-bounds read (CVE-ID: CVE-2018-19128)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in the decode_frame() function in libavcodec/lcldec.c when processing a crafted avi file. A remote attacker can perform a denial of service attack.
10) Input validation error (CVE-ID: CVE-2018-20001)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the range_decode_culshift function in libavcodec/apedec.c. A remote attacker can create a specially crafted file, pass it to the application and perform a denial of service attack.
11) Input validation error (CVE-ID: CVE-2018-11224)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the in_table_init16 function in libavcodec/aacsbr.c. A remote attacker can perform a denial of service attack.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://bugzilla.libav.org/show_bug.cgi?id=1135
- https://bugzilla.libav.org/show_bug.cgi?id=1165
- https://bugzilla.libav.org/show_bug.cgi?id=1163
- https://bugzilla.libav.org/show_bug.cgi?id=1136
- https://bugzilla.libav.org/show_bug.cgi?id=1139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/152819
- https://bugzilla.libav.org/show_bug.cgi?id=1138
- https://bugzilla.libav.org/show_bug.cgi?id=1137
- https://bugzilla.libav.org/show_bug.cgi?id=1141
- https://bugzilla.libav.org/show_bug.cgi?id=1129
- https://docs.google.com/document/d/16_HC-FjFuBNMbaoR397z_3EwpDP6wb1DNWrfkD4qRDE/edit