In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample     function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while     converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information     disclosure. (CVE-2018-13300)

Note that Nessus relies on the presence of the package as reported by the vendor.

This update for ffmpeg-4 to version 4.0.2 fixes the following issues :

These security issues were fixed :

  - CVE-2018-15822: The flv_write_packet function did not     check for an empty audio packet, leading to an assertion     failure and DoS (bsc#1105869).

  - CVE-2018-13300: An improper argument passed to the     avpriv_request_sample function may have triggered an     out-of-array read while converting a crafted AVI file to     MPEG4, leading to a denial of service and possibly an     information disclosure (bsc#1100348).

These non-security issues were fixed :

  - Enable webvtt encoders and decoders (boo#1092241).

  - Build codec2 encoder and decoder, add libcodec2 to     enable_decoders and enable_encoders.

  - Enable mpeg 1 and 2 encoders.

This update for ffmpeg fixes the following issues :

CVE-2018-13300: An improper argument passed to the avpriv_request_sample function may have triggered an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure (bsc#1100348)

CVE-2018-15822: The flv_write_packet function did not check for an empty audio packet, leading to an assertion failure and DoS (bsc#1105869)

CVE-2018-13305: Due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. (bsc#1100345).

CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c might have triggered an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. (bsc#1097983).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

ID	Name	Product	Family	Severity
256247	Linux Distros Unpatched Vulnerability : CVE-2018-13300	Nessus	Misc.	high
123300	openSUSE Security Update : ffmpeg-4 (openSUSE-2019-691)	Nessus	SuSE Local Security Checks	high
120152	SUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2018:3609-1)	Nessus	SuSE Local Security Checks	high
117517	openSUSE Security Update : ffmpeg-4 (openSUSE-2018-1004)	Nessus	SuSE Local Security Checks	high
111141	Debian DSA-4249-1 : ffmpeg - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-13300

high

Tenable Plugins

high

high

high

high

high