Test ID: 1.3.6.1.4.1.25623.1.0.891611
Category: Debian Local Security Checks
Title: Debian LTS Advisory ([SECURITY] [DLA 1611-1 and DLA 1611-2] libav security update)
Description:
DLA 1611-1:

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library.

CVE-2014-9317

The decode_ihdr_chunk function in libavcodec/pngdec.c allowed remote
attackers to cause a denial of service (out-of-bounds heap access)
and possibly had other unspecified impact via an IDAT before an IHDR
in a PNG file. The issue got addressed by checking IHDR/IDAT order.

CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in libav relies on
a coefficient-partition count during multi-threaded operation, which
allowed remote attackers to cause a denial of service (race condition
and memory corruption) or possibly have unspecified other impact via
a crafted WebM file. This issue has been resolved by using
num_coeff_partitions in thread/buffer setup. The variable is not a
constant and can lead to race conditions.

CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c did not enforce
uniqueness of the IHDR (aka image header) chunk in a PNG image, which
allowed remote attackers to cause a denial of service (out-of-bounds
array access) or possibly have unspecified other impact via a crafted
image with two or more of these chunks. This has now been fixed by
only allowing one IHDR chunk. Multiple IHDR chunks are forbidden in
PNG.
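
The two pngdec.c fixes above (CVE-2014-9317 and CVE-2015-6818) both come down to chunk-order checks. The following is an added example, not libav's code: a stand-alone pre-parse validator that rejects an IDAT before IHDR and a repeated IHDR. The function name, result codes and sample byte streams are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes; names are hypothetical, chosen for this example. */
enum png_order {
    PNG_ORDER_OK = 0,
    PNG_ERR_TRUNCATED,    /* bad signature or chunk runs past the buffer */
    PNG_ERR_IDAT_NO_IHDR, /* IDAT before any IHDR (the CVE-2014-9317 case) */
    PNG_ERR_DUP_IHDR,     /* second IHDR chunk (the CVE-2015-6818 case) */
    PNG_ERR_NO_IHDR       /* stream ended without an IHDR */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walks chunk headers only; CRCs and chunk contents are not verified. */
enum png_order png_check_chunk_order(const uint8_t *buf, size_t len)
{
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t pos = 8;
    int seen_ihdr = 0;

    if (len < 8 || memcmp(buf, sig, 8) != 0)
        return PNG_ERR_TRUNCATED;
    while (pos < len) {
        /* Chunk layout: 4-byte length, 4-byte type, data, 4-byte CRC. */
        if (len - pos < 12)
            return PNG_ERR_TRUNCATED;
        uint32_t clen = be32(buf + pos);
        /* Compare with the bytes left so pos + clen cannot wrap. */
        if (clen > len - pos - 12)
            return PNG_ERR_TRUNCATED;
        if (memcmp(buf + pos + 4, "IHDR", 4) == 0) {
            if (seen_ihdr)
                return PNG_ERR_DUP_IHDR;
            seen_ihdr = 1;
        } else if (memcmp(buf + pos + 4, "IDAT", 4) == 0) {
            if (!seen_ihdr)
                return PNG_ERR_IDAT_NO_IHDR;
        } else if (memcmp(buf + pos + 4, "IEND", 4) == 0) {
            break;
        }
        pos += 12 + (size_t)clen;
    }
    return seen_ihdr ? PNG_ORDER_OK : PNG_ERR_NO_IHDR;
}

/* Constructed sample streams (CRC fields zeroed; not real images). */
#define CH_SIG  0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'
#define CH_IHDR 0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0, 0, 0, 0, 0
#define CH_IDAT 0, 0, 0, 0, 'I', 'D', 'A', 'T', 0, 0, 0, 0
#define CH_IEND 0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
static const uint8_t sample_ok[] = {CH_SIG, CH_IHDR, CH_IDAT, CH_IEND};
static const uint8_t sample_idat_first[] = {CH_SIG, CH_IDAT, CH_IHDR, CH_IEND};
static const uint8_t sample_two_ihdr[] = {CH_SIG, CH_IHDR, CH_IHDR, CH_IDAT, CH_IEND};

int main(void)
{
    printf("%d %d %d\n", png_check_chunk_order(sample_ok, sizeof sample_ok),
           png_check_chunk_order(sample_idat_first, sizeof sample_idat_first),
           png_check_chunk_order(sample_two_ihdr, sizeof sample_two_ihdr));
    return 0;
}
```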

CVE-2015-6820

The ff_sbr_apply function in libavcodec/aacsbr.c did not check for a
matching AAC frame syntax element before proceeding with Spectral
Band Replication calculations, which allowed remote attackers to
cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted AAC data. This has now been
fixed by checking that the element type matches before applying SBR.

CVE-2015-6821

The ff_mpv_common_init function in libavcodec/mpegvideo.c did not
properly maintain the encoding context, which allowed remote
attackers to cause a denial of service (invalid pointer access) or
possibly have unspecified other impact via crafted MPEG data. The
issue has been resolved by clearing pointers in ff_mpv_common_init().
This ensures that no stale pointers leak through on any path.

CVE-2015-6822

The destroy_buffers function in libavcodec/sanm.c did not properly
maintain height and width values in the video context, which allowed
remote attackers to cause a denial of service (segmentation violation
and application crash) or possibly have unspecified other impact via
crafted LucasArts Smush video data. The solution to this was to reset
sizes in destroy_buffers() in avcodec/sanm.c.

CVE-2015-6823

Contrary to what is stated in the debian/changelog file, this issue
has not yet been fixed for libav in Debian jessie LTS.

CVE-2015-6824

Contrary to what is stated in the debian/changelog file, this issue
has not yet been fixed for libav in Debian jessie LTS.

CVE-2015-6825

The ff_frame_thread_init function in libavcodec/pthread_frame.c
mishandled certain memory-allocation failures, which allowed remote
attackers to cause a denial of service (invalid pointer access) or
possibly have unspecified other impact via a crafted file, as
demonstrated by an AVI file. Clearing priv_data in
avcodec/pthread_frame.c has resolved this and now avoids a stale
pointer in the error case.

CVE-2015-6826

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c did
not initialize certain structure members, which allowed remote
attackers to cause a denial of service (invalid pointer access) or
possibly have unspecified other impact via crafted (1) RV30 or (2)
RV40 RealVideo data. This issue got addressed by clearing pointers in
ff_rv34_decode_init_thread_copy() in avcodec/rv34.c, which avoids
leaving stale pointers.

CVE-2015-8216

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg
omitted certain width and height checks, which allowed remote
attackers to cause a denial of service (out-of-bounds array access)
or possibly have unspecified other impact via crafted MJPEG data. The
issues have been fixed by adding a check for index to
avcodec/mjpegdec.c in ljpeg_decode_yuv_scan() before using it, which
fixes an out of array access.

CVE-2015-8217

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c did not
validate the Chroma Format Indicator, which allowed remote attackers
to cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted High Efficiency Video
Coding (HEVC) data. A check of chroma_format_idc in avcodec/hevc_ps.c
has now been added to fix this out of array access.

CVE-2015-8363

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c
did not enforce uniqueness of the SIZ marker in a JPEG 2000 image,
which allowed remote attackers to cause a denial of service
(out-of-bounds heap-memory access) or possibly have unspecified other
impact via a crafted image with two or more of these markers. In
avcodec/jpeg2000dec.c a check for duplicate SIZ marker has been added
to fix this.

CVE-2015-8364

Integer overflow in the ff_ivi_init_planes function in
libavcodec/ivi.c allowed remote attackers to cause a denial of
service (out-of-bounds heap-memory access) or possibly have
unspecified other impact via crafted image dimensions in Indeo Video
Interactive data. A check of image dimensions has been added to the
code (in avcodec/ivi.c) that fixes this integer overflow now.

CVE-2015-8661

The h264_slice_header_init function in libavcodec/h264_slice.c did
not validate the relationship between the number of threads and the
number of slices, which allowed remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified
other impact via crafted H.264 data. In avcodec/h264_slice.c now
max_contexts gets limited when slice_context_count is initialized.
This avoids an out of array access.

CVE-2015-8662

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c did not
validate the number of decomposition levels before proceeding with
Discrete Wavelet Transform decoding, which allowed remote attackers
to cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted JPEG 2000 data. In
avcodec/jpeg2000dwt.c a check of ndeclevels has been added before
calling dwt_decode*(). This fixes an out of array access.

CVE-2015-8663

The ff_get_buffer function in libavcodec/utils.c preserved width and
height values after a failure, which allowed remote attackers to
cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via a crafted .mov file. Now,
dimensions get cleared in ff_get_buffer() on failure, which fixes
the cause for an out of array access.

CVE-2016-10190

A heap-based buffer overflow in libavformat/http.c allowed remote web
servers to execute arbitrary code via a negative chunk size in an
HTTP response. In libavformat/http.c the length/offset-related
variables have been made unsigned. This fix required inclusion of
two other changes ported from ffmpeg upstream Git (commits 3668701f
and 362c17e6).

CVE-2016-10191

Another heap-based buffer overflow in libavformat/rtmppkt.c allowed
remote attackers to execute arbitrary code by leveraging failure to
check for RTMP packet size mismatches. By checking for packet size
mismatches, this out-of-array access has been resolved.

DLA 1611-2:

Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1.

CVE-2015-6823

The allocate_buffers function in libavcodec/alac.c did not initialize
certain context data, which allowed remote attackers to cause a
denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec
(ALAC) data. This issue has now been addressed by clearing pointers
in avcodec/alac.c's allocate_buffers().

Contrary to what is stated in debian/changelog of upload 6:11.12-1~deb8u2,
this issue only now got fixed with upload of 6:11.12-1~deb8u3.

CVE-2015-6824

The sws_init_context function in libswscale/utils.c did not
initialize certain pixbuf data structures, which allowed remote
attackers to cause a denial of service (segmentation violation) or
possibly have unspecified other impact via crafted video data. In
swscale/utils.c now these pix buffers get cleared which fixes use of
uninitialized memory.

Contrary to what is stated in debian/changelog of upload 6:11.12-1~deb8u2,
this issue only now got fixed with upload of 6:11.12-1~deb8u3.

Affected Software/OS:
libav on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
6:11.12-1~deb8u3.

We recommend that you upgrade your libav packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9317
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
https://security.gentoo.org/glsa/201603-06
Common Vulnerability Exposure (CVE) ID: CVE-2015-6761
Debian Security Information: DSA-3376
http://www.debian.org/security/2015/dsa-3376
https://security.gentoo.org/glsa/201603-09
RedHat Security Advisories: RHSA-2015:1912
http://rhn.redhat.com/errata/RHSA-2015-1912.html
http://www.ubuntu.com/usn/USN-2770-1
http://www.ubuntu.com/usn/USN-2770-2
BugTraq ID: 77073
http://www.securityfocus.com/bid/77073
http://www.securitytracker.com/id/1033816
Common Vulnerability Exposure (CVE) ID: CVE-2015-6818
http://www.ubuntu.com/usn/USN-2944-1
http://www.securitytracker.com/id/1033483
Common Vulnerability Exposure (CVE) ID: CVE-2015-6820
Common Vulnerability Exposure (CVE) ID: CVE-2015-6821
Common Vulnerability Exposure (CVE) ID: CVE-2015-6822
https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-6823
Common Vulnerability Exposure (CVE) ID: CVE-2015-6824
Common Vulnerability Exposure (CVE) ID: CVE-2015-6825
Common Vulnerability Exposure (CVE) ID: CVE-2015-6826
Common Vulnerability Exposure (CVE) ID: CVE-2015-8216
SuSE Security Announcement: openSUSE-SU-2015:2120
http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8217
Common Vulnerability Exposure (CVE) ID: CVE-2015-8363
SuSE Security Announcement: openSUSE-SU-2015:2370
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8364
Common Vulnerability Exposure (CVE) ID: CVE-2015-8661
SuSE Security Announcement: openSUSE-SU-2016:0089
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html
http://www.securitytracker.com/id/1034539
Common Vulnerability Exposure (CVE) ID: CVE-2015-8662
Common Vulnerability Exposure (CVE) ID: CVE-2015-8663
Copyright: Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net