Bug 1143243 - (CVE-2019-14372) VUL-0: CVE-2019-14372: libav: in version 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
(CVE-2019-14372)
VUL-0: CVE-2019-14372: libav: in version 12.3, there is an infinite loop in t...
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.0
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/238156/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-29 12:07 UTC by Wolfgang Frisch
Modified: 2019-08-01 12:04 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-07-29 12:07:30 UTC
CVE-2019-14372

In Libav 12.3, there is an infinite loop in the function wv_read_block_header()
in the file wvdec.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14372
http://www.cvedetails.com/cve/CVE-2019-14372/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14372
https://bugzilla.libav.org/show_bug.cgi?id=1165
Comment 1 Antonio Larrosa 2019-07-31 15:12:47 UTC
Note that our libav package has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools package.

I tested the poc file from https://bugzilla.libav.org/show_bug.cgi?id=1165#c1 in Leap 15.0 and TW. In both cases, error messages are shown and no infinite loop is entered, so we don't seem to be affected:

avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
  built on Mar 26 2018 12:39 with gcc 9 (SUSE Linux)
[wv @ 0x55d6a4e6e700] Could not find codec parameters for stream 0 (Audio: wavpack, 9600 Hz, 0 channels): unspecified sample format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, wv, from '/home/antonio/Downloads/pocc':
  Duration: 47:16:24.57, start: 0.000000, bitrate: N/A
    Stream #0:0: Audio: wavpack, 9600 Hz, 0 channels
Unable to find a suitable output format for '/dev/null'

So I suggest marking this as resolved/invalid
Comment 2 Alexandros Toptsoglou 2019-08-01 12:04:33 UTC
comment 1