Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2012:074 First vendor Publication 2012-05-14
Vendor Mandriva Last vendor Modification 2012-05-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352).

Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.5.9 version where these issues has been corrected.

Additionally a couple of packages needed to be rebuilt for the new ffmpeg version and is also being provided with this advisory.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:074

CWE : Common Weakness Enumeration

% Id Name
36 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
27 % CWE-189 Numeric Errors (CWE/SANS Top 25)
9 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
9 % CWE-399 Resource Management Errors
9 % CWE-125 Out-of-bounds Read
9 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13551
 
Oval ID: oval:org.mitre.oval:def:13551
Title: Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Description: Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3895
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14267
 
Oval ID: oval:org.mitre.oval:def:14267
Title: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3893
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14629
 
Oval ID: oval:org.mitre.oval:def:14629
Title: USN-1320-1 -- FFmpeg vulnerabilities
Description: ffmpeg: multimedia player, server and encoder FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1320-1
CVE-2011-3504
CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579
Version: 7
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): FFmpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14770
 
Oval ID: oval:org.mitre.oval:def:14770
Title: DSA-2336-1 ffmpeg -- several
Description: Multiple vulnerabilities were found in the ffmpeg, a multimedia player, server and encoder: CVE-2011-3362 An integer signedness error in decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file. CVE-2011-3973/CVE-2011-3974 Multiple errors in the Chinese AVS video decoder can lead to denial of service via an invalid bitstream. CVE-2011-3504 A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.
Family: unix Class: patch
Reference(s): DSA-2336-1
CVE-2011-3362
CVE-2011-3973
CVE-2011-3974
CVE-2011-3504
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): ffmpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15186
 
Oval ID: oval:org.mitre.oval:def:15186
Title: DSA-2378-1 ffmpeg -- several
Description: Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2378-1
CVE-2011-4351
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): ffmpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15405
 
Oval ID: oval:org.mitre.oval:def:15405
Title: USN-1333-1 -- Libav vulnerabilities
Description: libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1333-1
CVE-2011-3504
CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579
Version: 7
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Product(s): Libav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21095
 
Oval ID: oval:org.mitre.oval:def:21095
Title: USN-1209-2 -- libav vulnerabilities
Description: Libav could be made to run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1209-2
CVE-2011-1196
CVE-2011-1931
CVE-2011-3362
Version: 5
Platform(s): Ubuntu 11.04
Product(s): libav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21194
 
Oval ID: oval:org.mitre.oval:def:21194
Title: USN-1209-1 -- ffmpeg vulnerabilities
Description: FFmpeg could be made to run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1209-1
CVE-2011-1196
CVE-2011-1931
CVE-2011-2161
CVE-2011-3362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): ffmpeg
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 59
Application 1844
Application 36
Os 1

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities)
File : nvt/deb_2471_1.nasl
2012-08-03 Name : Mandriva Update for ffmpeg MDVSA-2012:075 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2012_075.nasl
2012-08-03 Name : Mandriva Update for ffmpeg MDVSA-2012:076 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2012_076.nasl
2012-02-12 Name : FreeBSD Ports: ffmpeg
File : nvt/freebsd_ffmpeg1.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-05 (chromium v8)
File : nvt/glsa_201111_05.nasl
2012-02-11 Name : Debian Security Advisory DSA 2336-1 (ffmpeg)
File : nvt/deb_2336_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2378-1 (ffmpeg)
File : nvt/deb_2378_1.nasl
2012-01-20 Name : Ubuntu Update for libav USN-1333-1
File : nvt/gb_ubuntu_USN_1333_1.nasl
2012-01-09 Name : Ubuntu Update for ffmpeg USN-1320-1
File : nvt/gb_ubuntu_USN_1320_1.nasl
2011-11-15 Name : Google Chrome Multiple Vulnerabilities - November11 (Linux)
File : nvt/gb_google_chrome_mult_vuln_nov11_lin.nasl
2011-11-15 Name : Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_nov11_macosx.nasl
2011-11-14 Name : Google Chrome Multiple Vulnerabilities - November11 (Windows)
File : nvt/gb_google_chrome_mult_vuln_nov11_win.nasl
2011-09-23 Name : Ubuntu Update for ffmpeg USN-1209-1
File : nvt/gb_ubuntu_USN_1209_1.nasl
2011-09-23 Name : Ubuntu Update for libav USN-1209-2
File : nvt/gb_ubuntu_USN_1209_2.nasl
2011-01-24 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78300 FFmpeg libavcodec/svq1dec.c svq1_decode_frame() Function File Handling Memory...

78090 FFmpeg libavcodec vmd_decode() Function Frame Dimension Offset Parsing Remote...

77291 FFmpeg Multiple Function Out-of-bounds Read Remote DoS

77290 FFmpeg libavcodec/vp3.c vp3_dequant() Function Unspecified Remote Overflow

77289 FFmpeg libavcodec/qdm2.c Unspecified Remote Overflow

77035 Google Chrome Vorbis Decoder Unspecified Remote Overflow

77033 Google Chrome MKV / Vorbis Media Handler Out-of-bounds Read Unspecified Remot...

76803 FFmpeg cavsdec.c libavcodec decode_residual_inter Function CAVS File Handling...

76802 FFmpeg cavsdec.c libavcodec Multiple Function CAVS File Handling Remote DoS

75621 FFmpeg Matroska File Handling Remote Code Execution

74926 ffmpeg libavcodec/cavsdec.c Multiple Function Signedness Error CAVS File Hand...

Nessus® Vulnerability Scanner

Date Description
2013-10-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4d087b35099011e3a9f4bcaec565249c.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-076.nasl - Type : ACT_GATHER_INFO
2012-05-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2471.nasl - Type : ACT_GATHER_INFO
2012-05-15 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-075.nasl - Type : ACT_GATHER_INFO
2012-01-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1333-1.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ea2ddc493e8e11e180955404a67eef98.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2378.nasl - Type : ACT_GATHER_INFO
2012-01-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1320-1.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-05.nasl - Type : ACT_GATHER_INFO
2011-11-11 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_15_0_874_120.nasl - Type : ACT_GATHER_INFO
2011-11-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2336.nasl - Type : ACT_GATHER_INFO
2011-09-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1209-1.nasl - Type : ACT_GATHER_INFO
2011-09-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1209-2.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6887828f022911e0b84d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-12-09 21:24:17
  • Multiple Updates