[3.8] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)
CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
Fixed In Version:
ffmpeg 3.4.3
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
CVE-2018-14394: ibavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted
Waveform audio file.
Fixed In Version:
ffmpeg 3.4.3
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
CVE-2018-14395: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
Fixed In Version:
ffmpeg 3.4.4
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted
AVI file.
Fixed In Version:
ffmpeg 4.0
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
CVE-2018-12459: An inconsistent bits-per-sample value in the
ff_mpeg4_decode_picture_header function in
libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
Fixed In Version:
ffmpeg 4.0.1
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
CVE-2018-12460: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
Fixed In Version:
ffmpeg 4.0.1
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
CVE-2018-13301: In FFmpeg 4.0.1, due to a missing check of a profile
value before setting it, the ff_mpeg4_decode_picture_header function
in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
Fixed In Version:
ffmpeg 4.0.2
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
CVE-2018-13303: In FFmpeg 4.0.1, a missing check for failure of a
call to init_get_bits8() in the avpriv_ac3_parse_header function
in
libavcodec/ac3_parser.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
Fixed In Version:
ffmpeg 4.0.2
References:
https://ffmpeg.org/security.html
CVE-2018-13304: In libavcodec in FFmpeg 4.0.1, improper maintenance
of the consistency between the context profile field and studio_profile
in libavcodec may
trigger an assertion failure while converting a crafted AVI file to
MPEG4, leading to a denial of service, related to error_resilience.c,
h263dec.c, and mpeg4videodec.c.
Fixed In Version:
ffmpeg 4.0.2
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
(from redmine: issue id 9354, created on 2018-08-28, closed on 2018-08-29)
- Relations:
- parent #9352 (closed)
- Changesets:
- Revision 244b8239 by Natanael Copa on 2018-08-28T15:42:23Z:
community/ffmpeg: security upgrade to 3.4.4
fixes #9116
fixes #9354