Message-ID: <1323093494.32667.225.camel@mdlinux>
Date: Mon, 05 Dec 2011 08:58:14 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: kseifried@...hat.com
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request: ffmpeg

On Sun, 2011-12-04 at 11:36 -0700, Kurt Seifried wrote:
> On 12/04/2011 04:06 AM, Marc Deslauriers wrote:
> > This doesn't seem to have a CVE:
> >
> > An error within the "svq1_decode_frame()" function
> > (libavcodec/svq1dec.c) can be exploited to corrupt memory.
> >
> > http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
> >
> > http://secunia.com/advisories/46888/
> > http://archives.neohapsis.com/archives/bugtraq/2011-11/0148.html
> >
> The secunia page lists 3 CVEs and 4 issues with no mappings to CVEs to
> issues that I can see. Can you reply with the mapping information that
> you used to determine that this issue was not assigned a CVE (as opposed
> to one of the other issues)? Also can you confirm or prove that these
> 4 issues are all separate and that two of them have not been merged
> (thus obviating any need for a third CVE)? Thanks in advance. If anyone
> from Secunia is on this list I'd love to hear from you/any comments on
> this issue are more than welcome.
>

Sure!

The 3 other issues got CVEs assigned here:
http://marc.info/?l=oss-security&m=132205107221272&w=2

CVE-2011-4351 - An error within the QDM2 decoder (libavcodec/qdm2.c) can
be exploited to cause a buffer overflow.

Seems to be the following commits in libavcodec/qdm2.c (at least the
last one, the others seem to be a bit older):
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=491eaf35ae1f9b619441314bec33766e31580184
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=291d74a46d32183653db07818c7b3407fd50a288
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7d49f79f1cd47783a963a757a6563b9cac29db62
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14db3af4f26dad8e6ddf2147e96ccc710952ad4d
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=895d258e9ba065d035dd30dbc622423031f0185c

Last commit says this fixes NGS00144

CVE-2011-4352 - An integer overflow error within the "vp3_dequant()"
function (libavcodec/vp3.c) can be exploited to cause a buffer overflow.

Seems to be the following commit in libavcodec/vp3.c:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5

Commit says this fixes NGS00145

CVE-2011-4353 - Errors within the "av_image_fill_pointers()", the
"vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be
exploited to trigger out-of-bounds reads.

Seems to be the following commits in libavutil/imgutils.c,
libavcodec/vp5.c, libavcodec/vp6.c:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c693aa6f71b4f539cf9df67ba42f4b1932981687
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06

So, the fourth issue, which is fixed by the following commit that
matches the description, doesn't seem to have a CVE number, and doesn't
seem to be related to the others:

"An error within the "svq1_decode_frame()" function
(libavcodec/svq1dec.c) can be exploited to corrupt memory."

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2

Commit says it fixes NGS00148.

Marc.