Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:129)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been discovered and corrected in ffmpeg :

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in
FFmpeg before 0.11 have unknown impact and attack vectors related to
(1) size of mclms arrays, (2) a get_bits(0) in decode_ac_filter, and
(3) too many bits in decode_channel_residues(). (CVE-2012-2795).

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect
data-structure size for certain coefficients, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via crafted WMA data (CVE-2014-2098).

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data (CVE-2014-2099).

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write (CVE-2014-2263).

A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek
operations on video data could allow remote attackers to cause a
denial of service (CVE-2012-5150).

An integer overflow can occur when processing any variant of a literal
run in the av_lzo1x_decode function (CVE-2014-4609, CVE-2014-4610).

The updated packages have been upgraded to the 0.10.14 version which
is not vulnerable to these issues.

See also :

http://www.nessus.org/u?76546f97
http://seclists.org/oss-sec/2014/q2/668
http://www.openwall.com/lists/oss-security/2014/06/26/22
https://www.ffmpeg.org/security.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 76437 ()

Bugtraq ID: 55355
59417
65560
66057
66060
68217
68219

CVE ID: CVE-2012-2795
CVE-2012-5150
CVE-2014-2098
CVE-2014-2099
CVE-2014-2263
CVE-2014-4609
CVE-2014-4610

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now