FreeBSD : ffmpeg -- multiple vulnerabilities (3d950687-b4c9-4a86-8478-c56743547af8)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

NVD reports :

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before
2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk
in a PNG image, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified
other impact via a crafted image with two or more of these chunks.

Multiple integer underflows in the ff_mjpeg_decode_frame function in
libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to
cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted MJPEG data.

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before
2.7.2 does not check for a matching AAC frame syntax element before
proceeding with Spectral Band Replication calculations, which allows
remote attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via crafted AAC
data.

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg
before 2.7.2 does not properly maintain the encoding context, which
allows remote attackers to cause a denial of service (invalid pointer
access) or possibly have unspecified other impact via crafted MPEG
data.

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before
2.7.2 does not properly maintain height and width values in the video
context, which allows remote attackers to cause a denial of service
(segmentation violation and application crash) or possibly have
unspecified other impact via crafted LucasArts Smush video data.

The allocate_buffers function in libavcodec/alac.c in FFmpeg before
2.7.2 does not initialize certain context data, which allows remote
attackers to cause a denial of service (segmentation violation) or
possibly have unspecified other impact via crafted Apple Lossless
Audio Codec (ALAC) data.

The sws_init_context function in libswscale/utils.c in FFmpeg before
2.7.2 does not initialize certain pixbuf data structures, which allows
remote attackers to cause a denial of service (segmentation violation)
or possibly have unspecified other impact via crafted video data.

The ff_frame_thread_init function in libavcodec/pthread_frame.c in
FFmpeg before 2.7.2 mishandles certain memory-allocation failures,
which allows remote attackers to cause a denial of service (invalid
pointer access) or possibly have unspecified other impact via a
crafted file, as demonstrated by an AVI file.

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in
FFmpeg before 2.7.2 does not initialize certain structure members,
which allows remote attackers to cause a denial of service (invalid
pointer access) or possibly have unspecified other impact via crafted
(1) RV30 or (2) RV40 RealVideo data.

See also :

http://www.nessus.org/u?b8d88c08
http://www.nessus.org/u?0e49cc8b
http://www.nessus.org/u?8a2d733c
http://www.nessus.org/u?a0b4c85d
http://www.nessus.org/u?d9901608
http://www.nessus.org/u?df0e4e28
http://www.nessus.org/u?553afebc
http://www.nessus.org/u?a7482a81
http://www.nessus.org/u?3b0a7abe
https://ffmpeg.org/security.html
http://www.nessus.org/u?6150b5fc

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86044

CVE ID: CVE-2015-6818
CVE-2015-6819
CVE-2015-6820
CVE-2015-6821
CVE-2015-6822
CVE-2015-6823
CVE-2015-6824
CVE-2015-6825
CVE-2015-6826
