Gentoo Archives: gentoo-announce

From: Stefan Cornelius <dercorny@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow
Date: Tue, 10 Jan 2006 21:29:48
Message-Id: 200601102206.28702.dercorny@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200601-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: xine-lib, FFmpeg: Heap-based buffer overflow
      Date: January 10, 2006
      Bugs: #115849, #116181
        ID: 200601-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.

Background
==========

xine is a GPL high-performance, portable and reusable multimedia
playback engine. xine-lib is xine's core engine. FFmpeg is a very fast
video and audio converter and is used in xine-lib.

Affected packages
=================

     -------------------------------------------------------------------
     Package               /   Vulnerable   /                Unaffected
     -------------------------------------------------------------------
  1  media-libs/xine-lib        < 1.1.1-r3                  >= 1.1.1-r3
  2  media-video/ffmpeg     < 0.4.9_p20051216        >= 0.4.9_p20051216
     -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
     -------------------------------------------------------------------

Description
===========

Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The
flaw is due to a buffer overflow error in the
"avcodec_default_get_buffer()" function. This function doesn't properly
handle specially crafted PNG files, which results in a heap overflow.

Impact
======

A remote attacker could entice a user to run an FFmpeg-based
application on a maliciously crafted PNG file, resulting in the
execution of arbitrary code with the permissions of the user running
the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.1-r3"

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20051216"
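
The version ranges from the Affected packages table can be checked against a host inventory as follows. This is an added example, not part of the advisory or of Portage; the comparator covers only a subset of Gentoo version syntax, and the inventory, host names and function names are constructed for illustration.

```python
import re

# Fixed versions, from the "Affected packages" table of this advisory.
FIXED = {
    "media-libs/xine-lib": "1.1.1-r3",
    "media-video/ffmpeg": "0.4.9_p20051216",
}

# Gentoo suffix ordering: _alpha < _beta < _pre < _rc < (none) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}

# Assumption: subset of Gentoo version syntax. Components after the first
# must not have leading zeros (Portage compares those differently), and
# letter suffixes or multiple _suffixes are rejected rather than guessed.
VERSION_RE = re.compile(
    r"^(\d+(?:\.(?:0|[1-9]\d*))*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$"
)


def version_key(version):
    """Map a version string to a tuple that sorts in Gentoo order."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers, suffix, suffix_num, revision = m.groups()
    parts = tuple(int(p) for p in numbers.split("."))
    return (parts, SUFFIX_RANK[suffix], int(suffix_num or 0), int(revision or 0))


def is_vulnerable(package, installed):
    """True if `installed` is older than the fixed version for `package`."""
    return version_key(installed) < version_key(FIXED[package])


def vulnerable_hosts(inventory):
    """Return the hosts whose installed version falls in the vulnerable range."""
    return [host for host, pkg, ver in inventory if is_vulnerable(pkg, ver)]


# Constructed sample inventory (host, package, installed version); not real data.
INVENTORY = [
    ("host-a", "media-libs/xine-lib", "1.1.1-r2"),
    ("host-b", "media-libs/xine-lib", "1.1.1-r3"),
    ("host-c", "media-video/ffmpeg", "0.4.9_p20050226-r5"),
    ("host-d", "media-video/ffmpeg", "0.4.9_p20051216"),
    ("host-e", "media-video/ffmpeg", "0.4.9"),
]

if __name__ == "__main__":
    for host in vulnerable_hosts(INVENTORY):
        print(f"{host}: upgrade required")
```

A version string outside the supported subset raises ValueError, so an unparseable entry is surfaced for manual review instead of being silently treated as safe.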

References
==========

  [ 1 ] CVE-2005-4048
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
  [ 2 ] Original advisory
        http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0