FreeBSD : ffmpeg -- multiple vulnerabilities (3d950687-b4c9-4a86-8478-c56743547af8)

High Nessus Plugin ID 86044

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

NVD reports :

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?b8d88c08

http://www.nessus.org/u?0e49cc8b

http://www.nessus.org/u?8a2d733c

http://www.nessus.org/u?a0b4c85d

http://www.nessus.org/u?d9901608

http://www.nessus.org/u?df0e4e28

http://www.nessus.org/u?553afebc

http://www.nessus.org/u?a7482a81

http://www.nessus.org/u?3b0a7abe

https://ffmpeg.org/security.html

http://www.nessus.org/u?89072e0b

Plugin Details

Severity: High

ID: 86044

File Name: freebsd_pkg_3d950687b4c94a868478c56743547af8.nasl

Version: 2.5

Type: local

Published: 2015/09/21

Updated: 2019/07/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:avidemux, p-cpe:/a:freebsd:freebsd:avidemux2, p-cpe:/a:freebsd:freebsd:avidemux26, p-cpe:/a:freebsd:freebsd:ffmpeg, p-cpe:/a:freebsd:freebsd:ffmpeg-011, p-cpe:/a:freebsd:freebsd:ffmpeg-devel, p-cpe:/a:freebsd:freebsd:ffmpeg0, p-cpe:/a:freebsd:freebsd:ffmpeg1, p-cpe:/a:freebsd:freebsd:ffmpeg2, p-cpe:/a:freebsd:freebsd:ffmpeg23, p-cpe:/a:freebsd:freebsd:ffmpeg24, p-cpe:/a:freebsd:freebsd:ffmpeg25, p-cpe:/a:freebsd:freebsd:ffmpeg26, p-cpe:/a:freebsd:freebsd:gstreamer-ffmpeg, p-cpe:/a:freebsd:freebsd:gstreamer1-libav, p-cpe:/a:freebsd:freebsd:handbrake, p-cpe:/a:freebsd:freebsd:kodi, p-cpe:/a:freebsd:freebsd:libav, p-cpe:/a:freebsd:freebsd:mencoder, p-cpe:/a:freebsd:freebsd:mplayer, p-cpe:/a:freebsd:freebsd:mythtv, p-cpe:/a:freebsd:freebsd:mythtv-frontend, p-cpe:/a:freebsd:freebsd:plexhometheater, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/09/20

Vulnerability Publication Date: 2015/09/05

Reference Information

CVE: CVE-2015-6818, CVE-2015-6819, CVE-2015-6820, CVE-2015-6821, CVE-2015-6822, CVE-2015-6823, CVE-2015-6824, CVE-2015-6825, CVE-2015-6826