Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:227)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been discovered and corrected in ffmpeg :

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via a crafted
width in huffyuv data with the predictor set to median and the
colorspace set to YUV422P, which triggers an out-of-bounds array
access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access
(CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in
FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify
that a frame is fully initialized, which allows remote attackers to
trigger a NULL pointer dereference via crafted picture data
(CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
before 1.2.1 does not validate the relationship between a horizontal
coordinate and a width value, which allows remote attackers to cause a
denial of service (out-of-bounds array access and application crash)
via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
before 1.2.1 does not validate the presence of non-header data in a
buffer, which allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) via crafted CD
Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1
does not properly enforce certain bit-count and colorspace
constraints, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified
other impact via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which
is not vulnerable to these issues.

See also :

https://www.ffmpeg.org/security.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 79573 ()

Bugtraq ID: 60492
63796
63936
63941

CVE ID: CVE-2013-0848
CVE-2013-0852
CVE-2013-0860
CVE-2013-3672
CVE-2013-3674
CVE-2013-7020

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now