Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)

Critical Nessus Plugin ID 66093


The remote Mandriva Linux host is missing one or more security updates.


Updated ffmpeg packages fix security vulnerabilities :

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

h263dec: Disallow width/height changing with frame threads (CVE-2011-3937)

vc1dec: check that coded slice positions and interlacing match. This fixes out of array writes (CVE-2012-2796)

alsdec: fix number of decoded samples in first sub-block in BGMC mode (CVE-2012-2790)

cavsdec: check for changing w/h. Our decoder does not support changing w/h (CVE-2012-2777, CVE-2012-2784)

indeo4: update AVCodecContext width/height on size change (CVE-2012-2787)

avidec: use actually read size instead of requested size (CVE-2012-2788)

wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)

lagarith: check count before writing zeros (CVE-2012-2793)

indeo3: fix out of cell write (CVE-2012-2776)

indeo5: check tile size in decode_mb_info\(\). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2794)

indeo5dec: Make sure we have had a valid gop header. This prevents decoding happening on a half initialized context (CVE-2012-2779)

indeo4/5: check empty tile size in decode_mb_info\(\). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2800)

dfa: improve boundary checks in decode_dds1\(\) (CVE-2012-2798)

dfa: check that the caller set width/height properly (CVE-2012-2786)

avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions (CVE-2012-2801)

ac3dec: ensure get_buffer\(\) gets a buffer for the correct number of channels (CVE-2012-2802)

rv34: error out on size changes with frame threading (CVE-2012-2772)

alsdec: check opt_order. Fixes out of array write in quant_cof. Also make sure no invalid opt_order stays in the context (CVE-2012-2775)

This updates ffmpeg to version 0.10.6 which contains the security fixes above as well as other bug fixes.


Update the affected packages.

Plugin Details

Severity: Critical

ID: 66093

File Name: mandriva_MDVSA-2013-079.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/04/20

Modified: 2016/03/14

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ffmpeg, p-cpe:/a:mandriva:linux:lib64avcodec53, p-cpe:/a:mandriva:linux:lib64avfilter2, p-cpe:/a:mandriva:linux:lib64avformat53, p-cpe:/a:mandriva:linux:lib64avutil51, p-cpe:/a:mandriva:linux:lib64ffmpeg-devel, p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel, p-cpe:/a:mandriva:linux:lib64postproc52, p-cpe:/a:mandriva:linux:lib64swresample0, p-cpe:/a:mandriva:linux:lib64swscaler2, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/09

Reference Information

CVE: CVE-2011-3937, CVE-2012-0851, CVE-2012-2772, CVE-2012-2775, CVE-2012-2776, CVE-2012-2777, CVE-2012-2779, CVE-2012-2784, CVE-2012-2786, CVE-2012-2787, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2796, CVE-2012-2798, CVE-2012-2800, CVE-2012-2801, CVE-2012-2802

BID: 51307, 51720, 55355

OSVDB: 78178, 78634, 85268, 85269, 85271, 85272, 85273, 85275, 85279, 85280, 85281, 85282, 85286, 85288, 85290, 85292, 85293, 85295, 85300

MDVSA: 2013:079

MGASA: 2012-0143, 2012-0331