Your message dated Sat, 14 Mar 2015 21:18:52 +0100
with message-id <20150314201852.gd3...@jupiter.ramacher.at>
and subject line Re: Bug#773626: libav: multiple security issues
has caused the Debian Bug report #775593,
regarding libav: CVE-2014-{8544,8546,9316,9318,9319}
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
775593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: src:libav
version: 6:0.8.16-1
severity: serious
tags: security
Hi,
the following vulnerabilities were published for libav.
CVE-2014-8541[0]:
| libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
| differences, and not bits-per-pixel differences, when determining
| whether an image size has changed, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted MJPEG data.
CVE-2014-8542[1]:
| libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID
| during enforcement of alignment, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted JV data.
CVE-2014-8543[2]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8543[3]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8544[4]:
| libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
| bits-per-pixel fields, which allows remote attackers to cause a denial
| of service (out-of-bounds access) or possibly have unspecified other
| impact via crafted TIFF data.
CVE-2014-8545[5]:
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the
| monochrome-black format without verifying that the bits-per-pixel
| value is 1, which allows remote attackers to cause a denial of service
| (out-of-bounds access) or possibly have unspecified other impact via
| crafted PNG data.
CVE-2014-8546[6]:
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted Cinepak
| video data.
CVE-2014-8547[7]:
| libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute
| image heights, which allows remote attackers to cause a denial of
| service (out-of-bounds access) or possibly have unspecified other
| impact via crafted GIF data.
CVE-2014-8548[8]:
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| or possibly have unspecified other impact via crafted Quicktime
| Graphics (aka SMC) video data.
CVE-2014-8549[9]:
| libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the
| number of channels to at most 2, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted On2 data.
CVE-2014-9316[10]:
| The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds heap
| access) and possibly have other unspecified impact via vectors related
| to LJIF tags in an MJPEG file.
CVE-2014-9318[11]:
| The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
| 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
| cause a denial of service (out-of-bounds heap access) and possibly
| have other unspecified impact via a crafted .cine file that triggers
| the avpicture_get_size function to return a negative frame size.
CVE-2014-9319[12]:
| The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| via a crafted .bit file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8541
[1] https://security-tracker.debian.org/tracker/CVE-2014-8542
[2] https://security-tracker.debian.org/tracker/CVE-2014-8543
[3] https://security-tracker.debian.org/tracker/CVE-2014-8543
[4] https://security-tracker.debian.org/tracker/CVE-2014-8544
[5] https://security-tracker.debian.org/tracker/CVE-2014-8545
[6] https://security-tracker.debian.org/tracker/CVE-2014-8546
[7] https://security-tracker.debian.org/tracker/CVE-2014-8547
[8] https://security-tracker.debian.org/tracker/CVE-2014-8548
[9] https://security-tracker.debian.org/tracker/CVE-2014-8549
[10] https://security-tracker.debian.org/tracker/CVE-2014-9316
[11] https://security-tracker.debian.org/tracker/CVE-2014-9318
[12] https://security-tracker.debian.org/tracker/CVE-2014-9319
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 11.3-1
On 2015-01-17 20:56:02, Sebastian Ramacher wrote:
> Control: clone -1 -2
> Control: retitle -2 libav: CVE-2014-{8544,8546,9316,9318,9319}
> Control: tags -1 + fixed-upstream pending
>
> On 2014-12-20 23:31:11, Michael Gilbert wrote:
> > CVE-2014-8544[4]:
> > | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
> > | bits-per-pixel fields, which allows remote attackers to cause a denial
> > | of service (out-of-bounds access) or possibly have unspecified other
> > | impact via crafted TIFF data.
>
> > CVE-2014-8546[6]:
> > | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
> > | allows remote attackers to cause a denial of service (out-of-bounds
> > | access) or possibly have unspecified other impact via crafted Cinepak
> > | video data.
>
> > CVE-2014-9316[10]:
> > | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
> > | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> > | remote attackers to cause a denial of service (out-of-bounds heap
> > | access) and possibly have other unspecified impact via vectors related
> > | to LJIF tags in an MJPEG file.
>
> > CVE-2014-9318[11]:
> > | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
> > | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
> > | cause a denial of service (out-of-bounds heap access) and possibly
> > | have other unspecified impact via a crafted .cine file that triggers
> > | the avpicture_get_size function to return a negative frame size.
>
> > CVE-2014-9319[12]:
> > | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
> > | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> > | remote attackers to cause a denial of service (out-of-bounds access)
> > | via a crafted .bit file.
>
> > [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
> > [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
> > [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
> > [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
> > [12] https://security-tracker.debian.org/tracker/CVE-2014-9319
>
> I'm cloning this bug report to keep track of the unfixed CVEs.
CVE-2014-8544 has been fixed in 11.3-1, the others are marked as not affecting
libav.
Cheers
--
Sebastian Ramacher
signature.asc
Description: Digital signature
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
