Debian Bug report logs - #342207
ffmpeg: Exploitable heap overflow in libavcodec's image handling

version graph

Package: ffmpeg; Maintainer for ffmpeg is Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for ffmpeg is src:libav.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 6 Dec 2005 10:03:02 UTC

Severity: grave

Tags: fixed, security

Found in version ffmpeg/0.cvs20050918-5

Fixed in version ffmpeg/0.cvs20050918-6

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Date: Tue, 06 Dec 2005 10:41:08 +0100
Package: ffmpeg
Version: 0.cvs20050918-5
Severity: grave
Tags: security
Justification: user security hole

An exploitable heap overflow has been found in libavcodec's handling
of images with PIX_FMT_PAL8 pixel formats. Please see 
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.

Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages ffmpeg depends on:
ii  libc6                   2.3.5-8.1        GNU C Library: Shared libraries an
ii  libdc1394-13            1.1.0-2          high level programming interface f
ii  libfreetype6            2.1.10-1         FreeType 2 font engine, shared lib
ii  libgsm1                 1.0.10-13        Shared libraries for GSM speech co
ii  libimlib2               1.2.1-2          powerful image loading and renderi
ii  libogg0                 1.1.2-1          Ogg Bitstream Library
ii  libraw1394-5            0.10.1-1.1       library for direct access to IEEE 
ii  libsdl1.2debian         1.2.9-0.0        Simple DirectMedia Layer
ii  libtheora0              0.0.0.alpha4-1.1 The Theora Video Compression Codec
ii  libvorbis0a             1.1.0-1          The Vorbis General Audio Compressi
ii  libvorbisenc2           1.1.0-1          The Vorbis General Audio Compressi
ii  libx11-6                6.8.2.dfsg.1-11  X Window System protocol client li
ii  xlibs                   6.8.2.dfsg.1-11  X Window System client libraries m
ii  zlib1g                  1:1.2.3-8        compression library - runtime

ffmpeg recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. Full text and rfc822 format available.

Message #10 received at 342207@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 342208@bugs.debian.org, 342207@bugs.debian.org
Subject: CVE assignment
Date: Wed, 7 Dec 2005 22:43:46 +0100
Hi,
this has been assigned CVE-2005-4048, please mention it
in the changelog when fixing it.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#342207; Package ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Samuel Mimram <smimram@debian.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. Full text and rfc822 format available.

Message #15 received at 342207@bugs.debian.org (full text, mbox):

From: Samuel Mimram <smimram@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 342207@bugs.debian.org
Subject: Re: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Date: Sun, 15 Jan 2006 15:50:00 +0100
Hi,

On Tue, Dec 06, 2005 at 10:41:08AM +0100, Moritz Muehlenhoff wrote:
> Package: ffmpeg
> Version: 0.cvs20050918-5
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> An exploitable heap overflow has been found in libavcodec's handling
> of images with PIX_FMT_PAL8 pixel formats. Please see 
> http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
> for more information and a demo image.
> 
> Upstream's fix can be found at
> http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

I have an NMU ready to fix this. Please tell me soon if you'd like me
not to upload it. It might be a better idea to make a new cvs snapshot,
feel free to tell me if I can help.

Cheers,

Samuel.



Tags added: fixed Request was from Samuel Mimram <smimram@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #22 received at 342207-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 342207-close@bugs.debian.org
Subject: Bug#342207: fixed in ffmpeg 0.cvs20050918-6
Date: Sat, 21 Jan 2006 09:47:10 -0800
Source: ffmpeg
Source-Version: 0.cvs20050918-6

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg_0.cvs20050918-6.diff.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.diff.gz
ffmpeg_0.cvs20050918-6.dsc
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.dsc
ffmpeg_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6_i386.deb
libavcodec-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavcodec-dev_0.cvs20050918-6_i386.deb
libavformat-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavformat-dev_0.cvs20050918-6_i386.deb
libpostproc-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libpostproc-dev_0.cvs20050918-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 342207@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 21 Jan 2006 16:51:26 +0100
Source: ffmpeg
Binary: libavformat-dev ffmpeg libavcodec-dev libpostproc-dev
Architecture: source i386
Version: 0.cvs20050918-6
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 ffmpeg     - multimedia player, server and encoder
 libavcodec-dev - development files for libavcodec
 libavformat-dev - development files for libavformat
 libpostproc-dev - development files for libpostproc
Closes: 337846 338895 342207
Changes: 
 ffmpeg (0.cvs20050918-6) unstable; urgency=low
 .
   * Developer upload.
   * Acknowledge NMU. Thanks to Samuel Mimram (Closes: #342207).
   * configure:
     + Set RUNTIME_CPUDETECT (except on m68k where it ICEs and on x86 where it
       fails to build some asm constructs) (Closes: #337846).
   * debian/rules:
     + Make the build process aware of DEB_BUILD_OPTIONS, thanks to Timo
       Lindfors (Closes: #338895).
Files: 
 c4a4fa61a29e7716fa2a6b0997487297 849 libs optional ffmpeg_0.cvs20050918-6.dsc
 d9b20def819d497a95480ca5a4268e03 13927 libs optional ffmpeg_0.cvs20050918-6.diff.gz
 5ae9a438fea578e25a59cce9b3b2e0b1 4199046 graphics optional ffmpeg_0.cvs20050918-6_i386.deb
 1a28db130123572fe2da025ef84e62f7 2540706 libdevel optional libavcodec-dev_0.cvs20050918-6_i386.deb
 0f5210e67630db9c1e7e5959cb73b761 46594 libdevel optional libpostproc-dev_0.cvs20050918-6_i386.deb
 7a94b2dce4ce9d0e53cdcbd42a297911 545206 libdevel optional libavformat-dev_0.cvs20050918-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0m1NfPP1rylJn2ERAkl+AJ4p+bVBWcAX7Z3bxT/NXHx9n4Ov7wCcChm2
8GD8/2d0Cby2LPs1Wf6eubs=
=uDNU
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 12:08:26 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 04:18:02 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.