[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5296F8AC.7010501@redhat.com>
Date: Thu, 28 Nov 2013 01:02:52 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: ffmpeg-security@...peg.org
Subject: Re: CVE Request: FFmpeg 2.1 multiple problems
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok tracked down who reported most of these, but two are still unknown:
https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
fixes a deadlock in h264 decoding
https://trac.ffmpeg.org/ticket/2927 ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
Fixes out of array (on heap) writes in rpza decoding
https://trac.ffmpeg.org/ticket/2850 ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
avcodec/dsputil: fix signedness in sizeof() comparissions leading
to interger overflow and out of array accesses
Who reported this?
https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
Fixes out of array (on heap) writes in ffv1 decoding
https://trac.ffmpeg.org/ticket/2906 ami_stuff
Found-by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
Fixes out of array write in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/3080 ami_stuff
Found-by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
Fix order of align and pixel size multiplication.
Fixes out of array accesses in g2m4
https://trac.ffmpeg.org/ticket/2922 ami_stuff
Found-by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
avcodec/pngdsp: fix (un)signed type in end comparission
Fixes out of array writes in png decoding
https://trac.ffmpeg.org/ticket/2919 ami_stuff
Found_by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
avcodec/flashsv: check diff_start/height
Fixes out of array accesses
https://trac.ffmpeg.org/ticket/2844 ami_stuff
Found-by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
Check cdx/y values more carefully
Fixes out of array accesses in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/2848 ami_stuff
Found-by: Piotr Bandurski <ami_stuff@...pl>
https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
fix dereferencing invalid pointers in jpeg2000 decoding
Found-by: Laurent Butti <laurentb@...il.com>
https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
jpeg2000: check log2_cblk dimensions
Fixes out of array access
https://trac.ffmpeg.org/ticket/2895 ami_stuff
Found-by: Piotr Bandurski <ami_stuff@...pl>
https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
avcodec/jpeg2000dec: fix context consistency with too large lowres
Fixes out of array accesses in jpeg2000 decoding
https://trac.ffmpeg.org/ticket/2898 ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
ffv1dec: Check bits_per_raw_sample and colorspace for equality in
ver 0/1 headers
prevents inconsistency and out of array write
Who reported this?
https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
avfilter/vf_fps: make sure the fifo is not empty before using it
fixes double free in the fps filter
https://trac.ffmpeg.org/ticket/2905 Krieger
https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
fixes out of array access in g2m4
https://trac.ffmpeg.org/ticket/2971 ami_stuff
Found-by: ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
out of array write (on heap) in case of realloc failure
https://trac.ffmpeg.org/ticket/2982 ami_stuff
https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
avcodec/jpeg2000dec: prevent out of array accesses in pixel addressing
https://trac.ffmpeg.org/ticket/2921 ami_stuff
can you let me know who reported those two?
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBAgAGBQJSlvisAAoJEBYNRVNeJnmTAGAQAL9SOMAf0gLF/cGp1aEnYLZ4
oV8sTokf+jE6+yzlNZ7yglRj5h287jOY/hljUNWzKHfsGHXh9y0rnflmVBJ1+UUt
AMtf6vJ3WrJXUQjahtsigEcgjJUnTygCOiLAhZwoLbJVRKpDP5G9v3qMP435hUS4
p2AueazJinpAF+mHkM/CEZ4tgqzZu2yqcdCh+0EpY1ClbNbi/mMcIaZGtyyR5Yh9
uaonzHt4fb8LYQNRSs4AbziHo/X8uup+fiFom2jdi3I9Igno9tM+JgiiG0ai+9EO
p/OVLPu5OVpebdYIQdeNE0BU41Obcsdf/5NFhxNCCCRo1rfdcl/ZuycMAYpeF7ih
AugUDIJDyHJMK1pZoPBfHeDLtJXQkIbM9Jkjbth1znvbcXQBdWU8REoV8P/M/FjD
mSKjOk0S9PaPsUB7Pw6s+dKE5zARuTMTT4/bSCNRyisgkprKiMSQImqiNzaVUtLk
kHObCqmmCy2SteAgoyvyu5dGj+aPT/nXqf77rhpen/mQjsklLTnYsu4lk8mRBVCW
CkEtfddKZ1PyUfREpW4uavi1jdRK7+7aGhzq3m2OJqpoOV6YlWVTcGpZ+M62GjDY
mtU+bhwLD5tLaVR8N0Gd0RbO1mp1VhP597rs/vx0L3ZLFZb2SKnjqis3rAeHz//d
+xUg1TsiC3AQJ6IWHJOt
=hvP/
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
