Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated ffmpeg packages fix security vulnerabilities :

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

h263dec: Disallow width/height changing with frame threads
(CVE-2011-3937)

vc1dec: check that coded slice positions and interlacing match. This
fixes out of array writes (CVE-2012-2796)

alsdec: fix number of decoded samples in first sub-block in BGMC mode
(CVE-2012-2790)

cavsdec: check for changing w/h. Our decoder does not support changing
w/h (CVE-2012-2777, CVE-2012-2784)

indeo4: update AVCodecContext width/height on size change
(CVE-2012-2787)

avidec: use actually read size instead of requested size
(CVE-2012-2788)

wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)

lagarith: check count before writing zeros (CVE-2012-2793)

indeo3: fix out of cell write (CVE-2012-2776)

indeo5: check tile size in decode_mb_info\(\). This prevents writing
into a too small array if some parameters changed without the tile
being reallocated (CVE-2012-2794)

indeo5dec: Make sure we have had a valid gop header. This prevents
decoding happening on a half initialized context (CVE-2012-2779)

indeo4/5: check empty tile size in decode_mb_info\(\). This prevents
writing into a too small array if some parameters changed without the
tile being reallocated (CVE-2012-2800)

dfa: improve boundary checks in decode_dds1\(\) (CVE-2012-2798)

dfa: check that the caller set width/height properly (CVE-2012-2786)

avsdec: Set dimensions instead of relying on the demuxer. The decode
function assumes that the video will have those dimensions
(CVE-2012-2801)

ac3dec: ensure get_buffer\(\) gets a buffer for the correct number of
channels (CVE-2012-2802)

rv34: error out on size changes with frame threading (CVE-2012-2772)

alsdec: check opt_order. Fixes out of array write in quant_cof. Also
make sure no invalid opt_order stays in the context (CVE-2012-2775)

This updates ffmpeg to version 0.10.6 which contains the security
fixes above as well as other bug fixes.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now