
List:       oss-security
Subject:    Re: [oss-security] CVE request: ffmpeg before 0.7.8 and 0.8.7  2
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2011-11-25 20:28:15
Message-ID: 4ECFFA5F.2010800 () redhat ! com

On 11/23/2011 08:20 PM, Hanno Böck wrote:
> On Wed, 23 Nov 2011 13:52:04 -0700,
> Kurt Seifried <kseifried@redhat.com> wrote:
>
>> On 11/23/2011 05:23 AM, Hanno Böck wrote:
>>> New ffmpeg releases contain a couple of security fixes:
>>> http://secunia.com/advisories/46888/
>>>
>>> 1) An error within the QDM2 decoder (libavcodec/qdm2.c) can be
>>> exploited to cause a buffer overflow.
>>>

Please use CVE-2011-4351 for this issue.

>>> 2) An integer overflow error within the "vp3_dequant()" function
>>> (libavcodec/vp3.c) can be exploited to cause a buffer overflow.
>>>
Please use CVE-2011-4352 for this issue.

>>> 3) Errors within the "av_image_fill_pointers()", the
>>> "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be
>>> exploited to trigger out-of-bounds reads.
>>>
>>>
Please use CVE-2011-4353 for this issue.

>>> Please assign CVEs.
>>>
>>>
>>> Maybe someone wants to have a look if other issues in those
>>> releases are security relevant:
>>> http://git.videolan.org/?p=ffmpeg.git&a=shortlog&h=n0.7.8
>>>
>> This would be the original advisory http://ffmpeg.org/#pr7dot8and8dot7
>> correct?
> It is the upstream confirmation - at least it's about the same bugs.
>


-- 

-Kurt Seifried / Red Hat Security Response Team
