openEuler update for ffmpeg

Published: 2022-08-05

Risk	High
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2020-35964 CVE-2021-38114 CVE-2013-0868
CWE-ID	CWE-787 CWE-252 CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system ffmpeg-libs Operating systems & Components / Operating system package or component ffmpeg-devel Operating systems & Components / Operating system package or component libavdevice Operating systems & Components / Operating system package or component ffmpeg-debugsource Operating systems & Components / Operating system package or component ffmpeg-debuginfo Operating systems & Components / Operating system package or component ffmpeg Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU49222

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-35964

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the track_header() function in libavformat/vividas.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

ffmpeg-libs: before 4.2.4-4

ffmpeg-devel: before 4.2.4-4

libavdevice: before 4.2.4-4

ffmpeg-debugsource: before 4.2.4-4

ffmpeg-debuginfo: before 4.2.4-4

ffmpeg: before 4.2.4-4

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1808

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Unchecked Return Value

EUVDB-ID: #VU92207

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38114

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to libavcodec/dnxhddec.c in FFmpeg does not check the return value of the init_vlc function. A local user can trick the victim into opening a specially crafted file to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

ffmpeg-libs: before 4.2.4-4

ffmpeg-devel: before 4.2.4-4

libavdevice: before 4.2.4-4

ffmpeg-debugsource: before 4.2.4-4

ffmpeg-debuginfo: before 4.2.4-4

ffmpeg: before 4.2.4-4

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1808

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU42325

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-0868

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

ffmpeg-libs: before 4.2.4-4

ffmpeg-devel: before 4.2.4-4

libavdevice: before 4.2.4-4

ffmpeg-debugsource: before 4.2.4-4

ffmpeg-debuginfo: before 4.2.4-4

ffmpeg: before 4.2.4-4

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1808

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.