Project

General

Profile

Bug #9354

Bug #9352: ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)

[3.8] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
08/28/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

Fixed In Version:

ffmpeg 3.4.3

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751

CVE-2018-14394: ibavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

Fixed In Version:

ffmpeg 3.4.3

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394

CVE-2018-14395: libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

Fixed In Version:

ffmpeg 3.4.4

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395

CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted AVI file.

Fixed In Version:

ffmpeg 4.0

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html

CVE-2018-12459: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

Fixed In Version:

ffmpeg 4.0.1

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459

CVE-2018-12460: libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.

Fixed In Version:

ffmpeg 4.0.1

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html

CVE-2018-13301: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Fixed In Version:

ffmpeg 4.0.2

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301

CVE-2018-13303: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in
libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Fixed In Version:

ffmpeg 4.0.2

References:

https://ffmpeg.org/security.html

CVE-2018-13304: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may
trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

Fixed In Version:

ffmpeg 4.0.2

References:

https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304

Associated revisions

Revision 244b8239 (diff)
Added by Natanael Copa 8 months ago

community/ffmpeg: security upgrade to 3.4.4

fixes #9116
fixes #9354

History

#1 Updated by Natanael Copa 8 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Security IDs deleted (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)

#3 Updated by Alicha CH 8 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF