SB2020033017 - Gentoo update for FFmpeg

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020033017

SB2020033017 - Gentoo update for FFmpeg

Published: March 30, 2020 Updated: March 30, 2020

Security Bulletin ID SB2020033017
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 10% Low 70%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2018-10001)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition.

The vulnerability exists in the decode_init function in libavcodec/utvideodec.c due to insufficient input validation. A remote attacker can trick the victim into opening a specially crafted AVI file that submits malicious input, trigger a out-of-bounds read and cause the service to crash.


2) Out-of-bounds read (CVE-ID: CVE-2018-6912)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the decode_plane function in libavcodec/utvideodec.c due to nsufficient validation of user-supplied input. A remote attacker can submit a specially crafted AVI, trigger out-of-array read and cause the application to crash.

3) Out-of-bounds read (CVE-ID: CVE-2018-7557)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the decode_init function due to out-of-bounds read. A remote attacker can trick the victim into opening a specially crafted Audio Video Interleave (AVI) file with the affected application, trigger memory corruption and cause the service to crash.

4) Infinite loop (CVE-ID: CVE-2018-7751)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the svg_probe function in the libavformat/img2dec.c source code file due to improper handling of XML files. A remote attacker can trick the victim into opening a specially crafted XML file, trigger infinite loop and cause the service to crash.

5) Out-of-bounds read (CVE-ID: CVE-2018-9841)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the export function in the libavfilter/vf_signature.c source code file when processing files with long filenames. A remote attacker can trick the victim into opening a specially crafted file with a long filename, trigger out-of-array access and cause the service to crash.

6) Buffer overflow (CVE-ID: CVE-2019-12730)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in aa_read_header() function in libavformat/aadec.c. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger memory corruption and crash the affected application.


7) Heap-based buffer overflow (CVE-ID: CVE-2019-13312)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing media files in block_cmp() function in libavcodec/zmbvenc.c. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Division by zero (CVE-ID: CVE-2019-13390)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide-by-zero condition in the "adx_write_trailer" function in the "libavformat/rawenc.c" file. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

9) NULL pointer dereference (CVE-ID: CVE-2019-17539)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a NULL pointer dereference error within the avcodec_open2 in libavcodec/utils.c in in FFmpeg. A remote attacker can pass specially crafted media content to the affected application and perform a denial of service (DoS) attack or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.


10) Heap-based buffer overflow (CVE-ID: CVE-2019-17542)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References