Message-ID: <20131126140111.GA25373@nb4>
Date: Tue, 26 Nov 2013 15:01:11 +0100
From: Michael Niedermayer <michaelni@....at>
To: Open Source Security <oss-security@...ts.openwall.com>
Cc: ffmpeg-security@...peg.org
Subject: CVE Request: FFmpeg 2.1 multiple problems
Hi

I'd like to request CVE(s) for FFmpeg 2.1, for the changes below:

https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
fixes a deadlock in h264 decoding
https://trac.ffmpeg.org/ticket/2927

https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
Fixes out of array (on heap) writes in rpza decoding
https://trac.ffmpeg.org/ticket/2850

https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
avcodec/dsputil: fix signedness in sizeof() comparisons leading
to integer overflow and out of array accesses

https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
Fixes out of array (on heap) writes in ffv1 decoding
https://trac.ffmpeg.org/ticket/2906
Found-by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
Fixes out of array write in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/3080
Found-by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
Fix order of align and pixel size multiplication.
Fixes out of array accesses in g2m4
https://trac.ffmpeg.org/ticket/2922
Found-by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
avcodec/pngdsp: fix (un)signed type in end comparison
Fixes out of array writes in png decoding
https://trac.ffmpeg.org/ticket/2919
Found_by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
avcodec/flashsv: check diff_start/height
Fixes out of array accesses
https://trac.ffmpeg.org/ticket/2844
Found-by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
Check cdx/y values more carefully
Fixes out of array accesses in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/2848
Found-by: Piotr Bandurski <ami_stuff@...pl>

https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
fix dereferencing invalid pointers in jpeg2000 decoding
Found-by: Laurent Butti <laurentb@...il.com>

https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
jpeg2000: check log2_cblk dimensions
Fixes out of array access
https://trac.ffmpeg.org/ticket/2895
Found-by: Piotr Bandurski <ami_stuff@...pl>

https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
avcodec/jpeg2000dec: fix context consistency with too large lowres
Fixes out of array accesses in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/2898

https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
ffv1dec: Check bits_per_raw_sample and colorspace for equality in ver 0/1 headers
prevents inconsistency and out of array write

https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
avfilter/vf_fps: make sure the fifo is not empty before using it
fixes double free in the fps filter
https://trac.ffmpeg.org/ticket/2905

https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
fixes out of array access in g2m4
https://trac.ffmpeg.org/ticket/2971
Found-by: ami_stuff

https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
out of array write (on heap) in case of realloc failure
https://trac.ffmpeg.org/ticket/2982

https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
avcodec/jpeg2000dec: prevent out of array accesses in pixel addressing
https://trac.ffmpeg.org/ticket/2921

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato
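
Two entries in the message above (the dsputil sizeof() fix and the pngdsp end-comparison fix) name a signed/unsigned comparison problem. The following is an added illustration of that bug class, not part of the original message and not FFmpeg's code: the function names, the iteration cap and the loop shape (`w - sizeof(long)` as a bound for a word-at-a-time loop) are assumptions made for the demo, which counts iterations instead of touching memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: how many long-sized steps a word-at-a-time loop
 * takes over a w-byte buffer when the bound mixes int and size_t.
 * `cap` stops the count so the demo never runs away. */
static long steps_unsigned_bound(int w, long cap)
{
    long n = 0;
    /* w is converted to size_t before the subtraction. For w smaller than
     * sizeof(long) the result wraps to a huge value, so the condition is
     * true where it should be false and a real loop would run past the
     * end of the buffer. */
    for (size_t i = 0; i <= w - sizeof(long) && n < cap; i += sizeof(long))
        n++;
    return n;
}

/* Same loop with the size forced to int: the bound goes negative for
 * short (or negative) widths and the loop body is never entered. */
static long steps_signed_bound(int w, long cap)
{
    long n = 0;
    for (int i = 0; i <= w - (int)sizeof(long) && n < cap; i += (int)sizeof(long))
        n++;
    return n;
}

int main(void)
{
    /* Constructed widths: too short, negative, and exactly two words. */
    int widths[] = { 3, -1, 2 * (int)sizeof(long) };
    for (size_t k = 0; k < sizeof(widths) / sizeof(widths[0]); k++)
        printf("w=%d unsigned-bound steps=%ld signed-bound steps=%ld\n",
               widths[k],
               steps_unsigned_bound(widths[k], 1000),
               steps_signed_bound(widths[k], 1000));
    return 0;
}
```

Building with `-Wsign-compare` or `-Wextra` is a cheap way to surface comparisons of this kind during review.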