Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 645
    • Issues 645
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 209
    • Merge Requests 209
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #9114

Closed
Open
Opened Jul 19, 2018 by Alicha CH@alichaReporter

ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-2018-12458, CVE-2018-13300, CVE-2018-13302)

CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-7557

Patch:

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96

CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (out of array read) via an AVI file.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-10001

Patch:

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081

CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-12458

Patch:

https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8

CVE-2018-13300: In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample
function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a
crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-13300

Patch:

https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148

CVE-2018-13302: In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that
have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access
while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-13302

Patch:

https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50

(from redmine: issue id 9114, created on 2018-07-19, closed on 2018-08-29)

  • Relations:
    • copied_to #9115 (closed)
    • copied_to #9116 (closed)
    • child #9115 (closed)
    • child #9116 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#9114