Mageia alert MGASA-2015-0245 (ffmpeg)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2015-0245: Updated ffmpeg package fixes security vulnerability 
Date:
    	     
 
Fri, 19 Jun 2015 15:33:31 +0200
Message-ID:
    	     
 
<20150619133331.CB26440F4E@valstar.mageia.org>
MGASA-2015-0245 - Updated ffmpeg package fixes security vulnerability

Publication date: 19 Jun 2015
URL: http://advisories.mageia.org/MGASA-2015-0245.html

Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9316,
     CVE-2014-9317,
     CVE-2014-9318,
     CVE-2014-9603,
     CVE-2014-9604,
     CVE-2015-1872,
     CVE-2015-3395,
     CVE-2015-3417

Description:
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via vectors related to
LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).

The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.0.7 allows
remote attackers to cause a denial of service (out-of-bounds heap access) and
possibly have other unspecified impact via a crafted .cine file that triggers
the avpicture_get_size function to return a negative frame size
(CVE-2014-9318).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).

The msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before
2.0.7 has an out-of-bounds array access that may allow remote attackers to
cause a denial of service or possibly have unspecified other impact via a
crafted BMP file (CVE-2015-3395).

Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15502

- http://vigilance.fr/vulnerability/FFmpeg-unreachable-memo...
- http://git.videolan.org/?p=ffmpeg.git;a=log;h=n2.0.7

- http://ffmpeg.org/olddownload.html

- http://ffmpeg.org/security.html

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9316

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9317

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9318

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9603

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9604

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1872

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3395

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3417


SRPMS:
- 4/core/ffmpeg-2.0.7-1.mga4
- 4/tainted/ffmpeg-2.0.7-1.mga4.tainted