First Last Prev Next    This bug is not in your last search results.
Bug 1066428 - (CVE-2017-15672) VUL-0: CVE-2017-15672: ffmpeg: out-of-array read in slice counting
(CVE-2017-15672)
VUL-0: CVE-2017-15672: ffmpeg: out-of-array read in slice counting
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P3 - Medium : Normal
: ---
Assigned To: Jan Engelhardt
Security Team bot
https://smash.suse.de/issue/194455/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-03 14:43 UTC by Johannes Segitz
Modified: 2021-09-11 02:37 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-11-03 14:43:01 UTC 
CVE-2017-15672

Affected package: ffmpeg
Affected versions: <= 3.3.4

FFmpeg could read out of bounds of buffer when it parsing an craft mp4 file.

While ffmpeg calculating “bytestream_end” in ff_init_range_encoder() of libavcodec/rangecoder.c,
it uses a small “buf_size”. But when using this structure in read_header() of libavcodec/ffv1dec.c,
It will minus a bigger “trailer” than “buf_size” to read “size” through AV_RB24().
So it reads the front memory of “bytestream”, and get an error “size”.

The issue was fixed with the following commit:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904

Regards

Reported by Zhibin Hu and Yihan Lian from Qihoo 360 GearTeam

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15672
http://seclists.org/oss-sec/2017/q4/189
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15672.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
Comment 1 Swamp Workflow Management 2018-02-12 13:50:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1066428) was mentioned in
https://build.opensuse.org/request/show/575779 42.3 / ffmpeg
Comment 2 Swamp Workflow Management 2018-02-19 14:10:11 UTC 
openSUSE-SU-2018:0470-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1064577,1066428,1069407,1070762,1072366,1078488,1079368
CVE References: CVE-2017-15186,CVE-2017-15672,CVE-2017-16840,CVE-2017-17081,CVE-2017-17555,CVE-2018-6392,CVE-2018-6621
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ffmpeg-3.4.2-14.1
Comment 3 Swamp Workflow Management 2018-02-19 14:15:50 UTC 
openSUSE-SU-2018:0476-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1064577,1066428,1069407,1070762,1072366,1078488,1079368
CVE References: CVE-2017-15186,CVE-2017-15672,CVE-2017-16840,CVE-2017-17081,CVE-2017-17555,CVE-2018-6392,CVE-2018-6621
Sources used:
openSUSE Leap 42.3 (src):    ffmpeg-3.4.2-10.1
Comment 6 Jan Engelhardt 2018-03-08 01:06:24 UTC 
.
Comment 7 Swamp Workflow Management 2018-07-18 14:42:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1066428) was mentioned in
https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq
First Last Prev Next    This bug is not in your last search results.