Date: Tue, 26 Nov 2013 15:01:11 +0100 From: Michael Niedermayer <michaelni@....at> To: Open Source Security <oss-security@...ts.openwall.com> Cc: ffmpeg-security@...peg.org Subject: CVE Request: FFmpeg 2.1 multiple problems Hi Id like to request CVE(s) for FFmpeg 2.1, for the changes below: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f fixes a deadlock in h264 decoding https://trac.ffmpeg.org/ticket/2927 https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34 Fixes out of array (on heap) writes in rpza decoding https://trac.ffmpeg.org/ticket/2850 https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760 avcodec/dsputil: fix signedness in sizeof() comparissions leading to interger overflow and out of array accesses https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445 Fixes out of array (on heap) writes in ffv1 decoding https://trac.ffmpeg.org/ticket/2906 Found-by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a Fixes out of array write in jpeg2000 decoding https://trac.ffmpeg.org/ticket/3080 Found-by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0 Fix order of align and pixel size multiplication. Fixes out of array accesses in g2m4 https://trac.ffmpeg.org/ticket/2922 Found-by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07 avcodec/pngdsp: fix (un)signed type in end comparission Fixes out of array writes in png decoding https://trac.ffmpeg.org/ticket/2919 Found_by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446 avcodec/flashsv: check diff_start/height Fixes out of array accesses https://trac.ffmpeg.org/ticket/2844 Found-by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f Check cdx/y values more carefully Fixes out of array accesses in jpeg2000 decoding https://trac.ffmpeg.org/ticket/2848 Found-by: Piotr Bandurski <ami_stuff@...pl> https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555 fix dereferencing invalid pointers in jpeg2000 decoding Found-by: Laurent Butti <laurentb@...il.com> https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7 jpeg2000: check log2_cblk dimensions Fixes out of array access https://trac.ffmpeg.org/ticket/2895 Found-by: Piotr Bandurski <ami_stuff@...pl> https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d avcodec/jpeg2000dec: fix context consistency with too large lowres Fixes out of array accesses in jpeg2000 decoding https://trac.ffmpeg.org/ticket/2898 https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f ffv1dec: Check bits_per_raw_sample and colorspace for equality in ver 0/1 headers prevents inconsistency and out of array write https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2 avfilter/vf_fps: make sure the fifo is not empty before using it fixes double free in the fps filter https://trac.ffmpeg.org/ticket/2905 https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd fixes out of array access in g2m4 https://trac.ffmpeg.org/ticket/2971 Found-by: ami_stuff https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a out of array write (on heap) in case of realloc failure https://trac.ffmpeg.org/ticket/2982 https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9 avcodec/jpeg2000dec: prevent out of array accesses in pixel addressing https://trac.ffmpeg.org/ticket/2921 -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When the tyrant has disposed of foreign enemies by conquest or treaty, and there is nothing more to fear from them, then he is always stirring up some war or other, in order that the people may require a leader. -- Plato [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ