ffmpeg: Exploitable heap overflow in libavcodec's image handling

Related Vulnerabilities: CVE-2005-4048  

Debian Bug report logs - #342207

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 6 Dec 2005 10:03:02 UTC

Severity: grave

Tags: fixed, security

Found in version ffmpeg/0.cvs20050918-5

Fixed in version ffmpeg/0.cvs20050918-6

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Date: Tue, 06 Dec 2005 10:41:08 +0100

Package: ffmpeg
Version: 0.cvs20050918-5
Severity: grave
Tags: security
Justification: user security hole

An exploitable heap overflow has been found in libavcodec's handling
of images with PIX_FMT_PAL8 pixel formats. Please see 
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.

Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages ffmpeg depends on:
ii  libc6                   2.3.5-8.1        GNU C Library: Shared libraries an
ii  libdc1394-13            1.1.0-2          high level programming interface f
ii  libfreetype6            2.1.10-1         FreeType 2 font engine, shared lib
ii  libgsm1                 1.0.10-13        Shared libraries for GSM speech co
ii  libimlib2               1.2.1-2          powerful image loading and renderi
ii  libogg0                 1.1.2-1          Ogg Bitstream Library
ii  libraw1394-5            0.10.1-1.1       library for direct access to IEEE 
ii  libsdl1.2debian         1.2.9-0.0        Simple DirectMedia Layer
ii  libtheora0              0.0.0.alpha4-1.1 The Theora Video Compression Codec
ii  libvorbis0a             1.1.0-1          The Vorbis General Audio Compressi
ii  libvorbisenc2           1.1.0-1          The Vorbis General Audio Compressi
ii  libx11-6                6.8.2.dfsg.1-11  X Window System protocol client li
ii  xlibs                   6.8.2.dfsg.1-11  X Window System client libraries m
ii  zlib1g                  1:1.2.3-8        compression library - runtime

ffmpeg recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>.


Message #10 received at 342207@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 342208@bugs.debian.org, 342207@bugs.debian.org
Subject: CVE assignment
Date: Wed, 7 Dec 2005 22:43:46 +0100

Hi,
this has been assigned CVE-2005-4048, please mention it
in the changelog when fixing it.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg.


Acknowledgement sent to Samuel Mimram <smimram@debian.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>.


Message #15 received at 342207@bugs.debian.org:

From: Samuel Mimram <smimram@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 342207@bugs.debian.org
Subject: Re: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Date: Sun, 15 Jan 2006 15:50:00 +0100

Hi,

On Tue, Dec 06, 2005 at 10:41:08AM +0100, Moritz Muehlenhoff wrote:
> Package: ffmpeg
> Version: 0.cvs20050918-5
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> An exploitable heap overflow has been found in libavcodec's handling
> of images with PIX_FMT_PAL8 pixel formats. Please see 
> http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
> for more information and a demo image.
> 
> Upstream's fix can be found at
> http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

I have an NMU ready to fix this. Please tell me soon if you'd like me
not to upload it. It might be a better idea to make a new cvs snapshot,
feel free to tell me if I can help.

Cheers,

Samuel.



Tags added: fixed Request was from Samuel Mimram <smimram@debian.org> to control@bugs.debian.org.


Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.


Message #22 received at 342207-close@bugs.debian.org:

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 342207-close@bugs.debian.org
Subject: Bug#342207: fixed in ffmpeg 0.cvs20050918-6
Date: Sat, 21 Jan 2006 09:47:10 -0800

Source: ffmpeg
Source-Version: 0.cvs20050918-6

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg_0.cvs20050918-6.diff.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.diff.gz
ffmpeg_0.cvs20050918-6.dsc
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.dsc
ffmpeg_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6_i386.deb
libavcodec-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavcodec-dev_0.cvs20050918-6_i386.deb
libavformat-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavformat-dev_0.cvs20050918-6_i386.deb
libpostproc-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libpostproc-dev_0.cvs20050918-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 342207@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sat, 21 Jan 2006 16:51:26 +0100
Source: ffmpeg
Binary: libavformat-dev ffmpeg libavcodec-dev libpostproc-dev
Architecture: source i386
Version: 0.cvs20050918-6
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 ffmpeg     - multimedia player, server and encoder
 libavcodec-dev - development files for libavcodec
 libavformat-dev - development files for libavformat
 libpostproc-dev - development files for libpostproc
Closes: 337846 338895 342207
Changes: 
 ffmpeg (0.cvs20050918-6) unstable; urgency=low
 .
   * Developer upload.
   * Acknowledge NMU. Thanks to Samuel Mimram (Closes: #342207).
   * configure:
     + Set RUNTIME_CPUDETECT (except on m68k where it ICEs and on x86 where it
       fails to build some asm constructs) (Closes: #337846).
   * debian/rules:
     + Make the build process aware of DEB_BUILD_OPTIONS, thanks to Timo
       Lindfors (Closes: #338895).
Files: 
 c4a4fa61a29e7716fa2a6b0997487297 849 libs optional ffmpeg_0.cvs20050918-6.dsc
 d9b20def819d497a95480ca5a4268e03 13927 libs optional ffmpeg_0.cvs20050918-6.diff.gz
 5ae9a438fea578e25a59cce9b3b2e0b1 4199046 graphics optional ffmpeg_0.cvs20050918-6_i386.deb
 1a28db130123572fe2da025ef84e62f7 2540706 libdevel optional libavcodec-dev_0.cvs20050918-6_i386.deb
 0f5210e67630db9c1e7e5959cb73b761 46594 libdevel optional libpostproc-dev_0.cvs20050918-6_i386.deb
 7a94b2dce4ce9d0e53cdcbd42a297911 545206 libdevel optional libavformat-dev_0.cvs20050918-6_i386.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 12:08:26 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:21:48 2019; Machine Name: beach
