On Sa, Feb 20, 2010 at 22:02:51 (CET), Michael Gilbert wrote:

> package: ffmpeg
> version: 0.svn20080206-18
> severity: serious
> tags: security
>
> hi, i have just tested the latest ffmpeg update against the original
> proof of concepts [0] reported in bug #550442 [1].  many of them are
> still effective.  there is some good news though; i've found that
> upstream has addressed all of the problems in their latest svn version.
> attached are my findings.
>
> reference [2] may be useful to track down the other needed patches; or
> it may be easier to just upgrade to a new svn (however, the patches
> still need to be determined for stable).

Okay, disregarding the dos only crashers, here is my analysis so far:

*** dv/smclockdv.avi.2.0: vulnerable / fixed in upstream svn20100220

unreproducable in 0.5: smclockdv.avi.2.0: Error while opening file

*** huffyuv/*: all vulnerable / all fixed in upstream svn20100220

http://roundup.ffmpeg.org/issue1237

confirmed in smclockhuffyuv.avi.1.0

fixed by backporting r19322, committed to 0.5

*** ogv

all fixed by backporting these two patches:

First commit:

Make decode_init fail if the huffman tables are invalid and thus init_vlc fails.
Otherwise this will crash during decoding because the vlc tables are NULL.
Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240.

backport r19355 by reimar

Second commit:

Add extra validation checks to ff_vorbis_len2vlc.
They should not be necessary, but it seems like a reasonable precaution.

r19374 by reimar

**** ogv/smclock.ogv.1.0.ogv: vulnerable / fixed in upstream svn20100220
**** ogv/smclock.ogv.1.842.ogv: vulnerable / fixed in upstream svn20100220
**** ogv/smclock.ogv.1.181.ogv: vulnerable / fixed in upstream svn20100220
**** ogv/smclock.ogv.2.164.ogv: vulnerable / fixed in upstream svn20100220
*** vp62/smclockvp62hsp.avi.3.118: vulnerable / fixed in upstream svn20100220

unreproducable in 0.5:

[avi @ 0x9253a60]Something went wrong during header parsing, I will ignore it 
and try to continue anyway.
[avi @ 0x9253a60]Could not find codec parameters (Invalid Codec type -1)
vp62/smclockvp62hsp.avi.3.118: could not find codec parameters

*** wmv division by zero erros:

fixed in 0.5, backported r19330

*** wmv7/smclockv7.wmv.1.0: vulnerable / fixed in upstream svn20100220
*** wmv8/smclockv8.wmv.1.0: vulnerable / fixed in upstream svn20100220
*** wmv9/smclockv9.wmv.1.0: vulnerable / fixed in upstream svn20100220

I imagine that these revision apply to the version in lenny as well.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4



_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to