FFmpeg Multiple Remote Vulnerabilities

Summary

FFmpeg is prone to multiple remote vulnerabilities.

Credit:

The information has been provided by Oana Stratulat, ami_stuff, Gautam Gupta, cosmin, Diana Elena Muscalu, Shitiz Garg.


Details

Vulnerable Systems:
 * FFmpeg versions prior to 0.9.1

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the application and cause denial-of-service conditions.

Add missing check in avfilter_filter_samples()

CVE-2012-0848 FFmpeg 5257743aee0c3982f0079e6553aabc6aa39401d2 ws_snd1:
Fix wrong samples count and crash.

CVE-2012-0849 FFmpeg 1f99939a6361e2e6d6788494dd7c682b051c6c34 j2kdec:
Fix integer overflow leading to a segfault

CVE-2012-0850 FFmpeg 944f5b2779e4aa63f7624df6cd4de832a53db81b aacsbr:
Fix memory corruption.

CVE-2012-0851 FFmpeg 7fff64e00d886fde11d61958888c82b461cf99b9 h264:
check chroma_format_idc range.

CVE-2012-0852 FFmpeg 608708009f69ba4cecebf05120c696167494c897 adpcm:
Fix crash

CVE-2012-0853 FFmpeg 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 atrac3:
Fix crash in tonal component decoding.

CVE-2012-0854 FFmpeg 6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5
CODEC_ID_SOL_DPCM: Fix used write buffer.

CVE-2012-0855 FFmpeg 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 j2kdec:
Check curtileno for validity

CVE-2012-0856 FFmpeg 21270cffaeab2f67a613907516b2b0cd6c9eacf4 h263dec:
Fix regression / crash with lowres.

CVE-2012-0857 FFmpeg 282bb02839b1ce73963c8e3ee46804f1ade8b12a j2kdec:
Fix crash in get_qcx

CVE-2012-0858 FFmpeg 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c shorten:
Fix invalid free()

CVE-2012-0859 FFmpeg 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 vorbis:
Fix last quarter of CVE-2011-3893

CVE Information:
CVE-2012-0847
CVE-2012-0848
CVE-2012-0849
CVE-2012-0850
CVE-2012-0851
CVE-2012-0852
CVE-2012-0853
CVE-2012-0854
CVE-2012-0855
CVE-2012-0856
CVE-2012-0857
CVE-2012-0858
CVE-2012-0859

Disclosure Timeline:
Published: Jan 06 2012 12:00AM
Updated: Oct 22 2012 07:00AM

Categories: News