CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows

Related Vulnerabilities: CVE-2006-4800  

Debian Bug report logs - #401304


Package: gstreamer0.8-ffmpeg; Maintainer for gstreamer0.8-ffmpeg is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sat, 2 Dec 2006 13:18:01 UTC

Severity: grave

Tags: fixed-upstream, patch, security

Fixed in version 0.8.7-7

Done: Loïc Minier <lool@dooz.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=383009




Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#401304; Package gstreamer0.8-ffmpeg.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows
Date: Sat, 02 Dec 2006 14:10:23 +0100
Package: gstreamer0.8-ffmpeg
Severity: grave
Tags: security
Justification: user security hole


According to

http://secunia.com/advisories/22202/

gstreamer0.8-ffmpeg is vulnerable to an ffmpeg buffer overflow and
gstreamer0.8-ffmpeg does not seem to link dynamically against the ffmpeg in
Debian. You should try to link against ffmpeg dynamically if possible.

Please mention the CVE id in the changelog.



Bug 401304 cloned as bug 401311. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#401304; Package gstreamer0.8-ffmpeg.


Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>.


Message #12 received at 401304@bugs.debian.org:

From: Andreas Barth <aba@not.so.argh.org>
To: 401304@bugs.debian.org
Subject: Patch for this RC-bug
Date: Tue, 5 Dec 2006 23:15:53 +0100
tags 401304 + patch
thanks

Hi,

I have a patch - if you want, I can as well NMU it.


Cheers,
Andi

diff -ur gst-ffmpeg-0.8.7~/debian/changelog gst-ffmpeg-0.8.7/debian/changelog
--- gst-ffmpeg-0.8.7~/debian/changelog	2006-12-05 22:04:36.000000000 +0000
+++ gst-ffmpeg-0.8.7/debian/changelog	2006-12-05 22:13:32.000000000 +0000
@@ -1,3 +1,10 @@
+gst-ffmpeg (0.8.7-6.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix buffer overflow in 4XM code (CVE-2006-4800). Closes: #401304
+
+ -- Andreas Barth <aba@not.so.argh.org>  Tue,  5 Dec 2006 22:08:21 +0000
+
 gst-ffmpeg (0.8.7-6) unstable; urgency=low
 
   * Backport fixes from gstreamer0.10-ffmpeg 0.10.0-2.
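Review bot: the changelog entry describes one fix ("Fix buffer overflow in 4XM code") while the bug title and the Secunia advisory it cites speak of multiple buffer overflows, and the patch touches only gst-libs/ext/ffmpeg/libavcodec/4xm.c; the entry should say which of the reported issues this upload covers and whether any remain open. It is also worth recording that the embedded ffmpeg copy is being patched in place rather than replaced by a dynamic link against Debian's ffmpeg as the reporter asked, so later ffmpeg fixes will need the same manual backport into this package.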
diff -ur gst-ffmpeg-0.8.7~/gst-libs/ext/ffmpeg/libavcodec/4xm.c gst-ffmpeg-0.8.7/gst-libs/ext/ffmpeg/libavcodec/4xm.c
--- gst-ffmpeg-0.8.7~/gst-libs/ext/ffmpeg/libavcodec/4xm.c	2005-07-20 15:39:33.000000000 +0000
+++ gst-ffmpeg-0.8.7/gst-libs/ext/ffmpeg/libavcodec/4xm.c	2006-12-05 22:08:00.000000000 +0000
@@ -606,7 +606,7 @@
     int i, frame_4cc, frame_size;
 
     frame_4cc= get32(buf);
-    if(buf_size != get32(buf+4)+8){
+    if(buf_size != get32(buf+4)+8 || buf_size < 20){
         av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, get32(buf+4));
     }
 
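Review bot: the new `buf_size < 20` test only logs "size mismatch" and falls through, because the block still has no `return`; the decoder then goes on to read the remaining header fields and, in the next hunk, copies `data_size` bytes starting at `buf+20`, so a truncated frame is reported but not rejected. Add `return -1;` inside the block so the short-buffer case never reaches the memcpy, and consider a separate log message for it, since when the two lengths do agree but are below 20 the current text reports a "mismatch" between numbers that match.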
@@ -634,6 +634,10 @@
         cfrm= &f->cfrm[i];
         
         cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE);
+        if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL
+            av_log(f->avctx, AV_LOG_ERROR, "realloc falure");
+            return -1;
+        }
         
         memcpy(cfrm->data + cfrm->size, buf+20, data_size);
         cfrm->size += data_size;
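Review bot: the NULL check is the right idea, but `cfrm->data= av_fast_realloc(cfrm->data, ...)` overwrites the old pointer before the result is tested, so on failure the previous buffer is leaked and `cfrm->allocated_size`, which av_fast_realloc updates through the pointer it is handed, may already describe a size that `cfrm->data` no longer holds; assign the result to a temporary and store it only on success. The message "realloc falure" has a typo and, unlike the "size mismatch" line in the previous hunk, lacks a trailing "\n". Finally, `data_size` is copied from `buf+20` without any visible check that `buf_size >= 20 + data_size`, which makes the size test in the earlier hunk the only guard; it needs to reject rather than merely log.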
-- 
  http://home.arcor.de/andreas-barth/



Tags added: patch Request was from Andreas Barth <aba@not.so.argh.org> to control@bugs.debian.org.


Noted your statement that Bug has been forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=383009. Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#401304; Package gstreamer0.8-ffmpeg.


Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>.


Message #21 received at 401304@bugs.debian.org:

From: Loïc Minier <lool@dooz.org>
To: Stefan Fritsch <sf@sfritsch.de>, 401304@bugs.debian.org
Subject: Re: Bug#401304: CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows
Date: Wed, 6 Dec 2006 15:08:42 +0100
On Sat, Dec 02, 2006, Stefan Fritsch wrote:
> According to
> http://secunia.com/advisories/22202/
> gstreamer0.8-ffmpeg is vulnerable to an ffmpeg buffer overflow and
> gstreamer0.8-ffmpeg does not seem to link dynamically against the ffmpeg in
> Debian. You should try to link against ffmpeg dynamically if possible.
> Please mention the CVE id in the changelog.

 Patch from Andreas Barth applied and uploaded, feedback on the fix is
 welcome.

   Thanks,
-- 
Loïc Minier <lool@dooz.org>
 "I have no strong feelings one way or the other." -- Neutral President



Reply sent to Loïc Minier <lool@dooz.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #26 received at 401304-done@bugs.debian.org:

From: Loïc Minier <lool@dooz.org>
To: Stefan Fritsch <sf@sfritsch.de>
Cc: 401304-done@bugs.debian.org
Subject: Re: CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows
Date: Thu, 7 Dec 2006 11:23:33 +0100
Version: 0.8.7-7

 This bug was fixed in the above version, but I closed the wrong bug in
 changelog (fixed in SVN).

-- 
Loïc Minier <lool@dooz.org>
 "I have no strong feelings one way or the other." -- Neutral President



Tags added: fixed-upstream Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 11:17:56 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:05:11 2019; Machine Name: buxtehude
