From owner-svn-ports-head@FreeBSD.ORG Tue Jun 2 02:50:05 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 59E01F33; Tue, 2 Jun 2015 02:50:05 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3B91A1A42; Tue, 2 Jun 2015 02:50:05 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t522o5tt092061; Tue, 2 Jun 2015 02:50:05 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t522o45T092048; Tue, 2 Jun 2015 02:50:04 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201506020250.t522o45T092048@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Tue, 2 Jun 2015 02:50:04 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r388299 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jun 2015 02:50:05 -0000 Author: jbeich Date: Tue Jun 2 02:50:04 2015 New Revision: 388299 URL: https://svnweb.freebsd.org/changeset/ports/388299 Log: Document recent ffmpeg0 vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jun 2 02:33:06 2015 (r388298) +++ head/security/vuxml/vuln.xml Tue Jun 2 02:50:04 2015 (r388299) @@ -57,6 +57,131 @@ Notes: --> + + ffmpeg -- multiple vulnerabilities + + + ffmpeg + ffmpeg0 + 0.7.17,1 + + + + +

NVD and Vigilance report:

+
+

Use-after-free vulnerability in Google Chrome before + 24.0.1312.52 allows remote attackers to cause a denial of + service or possibly have unspecified other impact via vectors + involving seek operations on video data.

+
+
+

An attacker can generate an integer overflow in the + av_lzo1x_decode() function of Libav, in order to trigger a + denial of service, and possibly to execute code.

+
+
+

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only + dimension differences, and not bits-per-pixel differences, when + determining whether an image size has changed, which allows + remote attackers to cause a denial of service (out-of-bounds + access) or possibly have unspecified other impact via crafted + MJPEG data.

+
+
+

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain + codec ID during enforcement of alignment, which allows remote + attackers to cause a denial of service (out-of-bounds access) or + possibly have unspecified other impact via crafted JV data.

+
+
+

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider + all lines of HHV Intra blocks during validation of image height, + which allows remote attackers to cause a denial of service + (out-of-bounds access) or possibly have unspecified other impact + via crafted MM video data.

+
+
+

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the + monochrome-black format without verifying that the + bits-per-pixel value is 1, which allows remote attackers to + cause a denial of service (out-of-bounds access) or possibly + have unspecified other impact via crafted PNG data.

+
+
+

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly + compute image heights, which allows remote attackers to cause a + denial of service (out-of-bounds access) or possibly have + unspecified other impact via crafted GIF data.

+
+
+

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 + allows remote attackers to cause a denial of service + (out-of-bounds access) or possibly have unspecified other impact + via crafted Quicktime Graphics (aka SMC) video data.

+
+
+

The mjpeg_decode_app function in libavcodec/mjpegdec.c in + FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 + allows remote attackers to cause a denial of service + (out-of-bounds heap access) and possibly have other unspecified + impact via vectors related to LJIF tags in an MJPEG file.

+
+
+

The decode_ihdr_chunk function in libavcodec/pngdec.c in + FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 + allows remote attackers to cause a denial of service + (out-of-bounds heap access) and possibly have other unspecified + impact via an IDAT before an IHDR in a PNG file.

+
+
+

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg + before 2.5.2 does not validate the relationship between a + certain length value and the frame width, which allows remote + attackers to cause a denial of service (out-of-bounds array + access) or possibly have unspecified other impact via crafted + Sierra VMD video data.

+
+
+

An attacker can force a read at an invalid address in + mjpegdec.c of FFmpeg, in order to trigger a denial of + service.

+
+ +
+ + CVE-2012-5150 + CVE-2014-4609 + CVE-2014-8541 + CVE-2014-8542 + CVE-2014-8543 + CVE-2014-8545 + CVE-2014-8547 + CVE-2014-8548 + CVE-2014-9316 + CVE-2014-9317 + CVE-2014-9603 + CVE-2015-1872 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c3ece52decafc4923aebe7fd74b274e9ebb1962e + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1b291e0466308b341bc2e8c2a49d44862400f014 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b5e661bcd2bb4fe771cb2c1e21215c68e6a17665 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cd3c4d8c55222337b0b59af4ea1fecfb46606e5e + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=73962e677d871fa0dde5385ee04ea07c048d8864 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7a5590ef4282e19d48d70cba0bc4628c13ec6fd8 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ef32bc8dde52439afd13988f56012a9f4dd55a83 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5b2097626d0e4ccb432d7d8ab040aa8dbde9eb3a + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=30e8a375901f8802853fd6d478b77a127d208bd6 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb1db92cca98f963e91f421ee0c84f8866325a73 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fac6f744d8170585f05e098ce9c9f27eeffa818e + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75b0cfcf105c8720a47a2ee80a70ba16799d71b7 + https://ffmpeg.org/security.html + + + 2015-03-12 + 2015-06-02 + +
+ avidemux26 -- multiple vulnerabilities in bundled FFmpeg