← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)

 

For 2.8.9 there are now CVEs available [1]:
CVE-2016-7502, CVE-2016-7785, CVE-2016-7905, CVE-2016-7562

1: https://ffmpeg.org/security.html

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7502

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7562

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7785

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7905

** Changed in: ffmpeg (Ubuntu)
       Status: Invalid => New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647226

Title:
  FFmpeg security fixes December 2016 (xenial)

Status in ffmpeg package in Ubuntu:
  New
Status in ffmpeg source package in Xenial:
  Triaged

Bug description:
  FFmpeg 2.8.9 fixing a number of crashes and other potentially security
  relevant issues was released.

  From the upstream Changelog:

  version 2.8.9
  - avcodec/flacdec: Fix undefined shift in decode_subframe()
  - avcodec/get_bits: Fix get_sbits_long(0)
  - avformat/ffmdec: Check media type for chunks
  - avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
  - avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
  - avformat/oggparsespeex: Check frames_per_packet and packet_size
  - avformat/utils: Check start/end before computing duration in update_stream_timings()
  - avcodec/flac_parser: Update nb_headers_buffered
  - avformat/idroqdec: Check chunk_size for being too large
  - filmstripdec: correctly check image dimensions
  - mss2: only use error correction for matching block counts
  - softfloat: decrease MIN_EXP to cover full float range
  - libopusdec: default to stereo for invalid number of channels
  - sbgdec: prevent NULL pointer access
  - smacker: limit recursion depth of smacker_decode_bigtree
  - mxfdec: fix NULL pointer dereference in mxf_read_packet_old
  - libschroedingerdec: fix leaking of framewithpts
  - libschroedingerdec: don't produce empty frames
  - softfloat: handle -INT_MAX correctly
  - pnmdec: make sure v is capped by maxval
  - smvjpegdec: make sure cur_frame is not negative
  - icodec: correctly check avio_read return value
  - icodec: fix leaking pkt on error
  - dvbsubdec: fix division by zero in compute_default_clut
  - proresdec_lgpl: explicitly check coff[3] against slice_data_size
  - escape124: reject codebook size 0
  - mpegts: prevent division by zero
  - matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
  - mpegaudio_parser: don't return AVERROR_PATCHWELCOME
  - mxfdec: fix NULL pointer dereference
  - diracdec: check return code of get_buffer_with_edge
  - ppc: pixblockdsp: do unaligned block accesses correctly again
  - mpeg12dec: unref discarded picture from extradata
  - cavsdec: unref frame before referencing again
  - avformat: prevent triggering request_probe assert in ff_read_packet
  - avformat/mpeg: Adjust vid probe threshold to correct mis-detection
  - avcodec/rv40: Test remaining space in loop of get_dimension()
  - avcodec/ituh263dec: Avoid spending a long time in slice sync
  - avcodec/movtextdec: Add error message for tsmb_size check
  - avcodec/movtextdec: Fix tsmb_size check==0 check
  - avcodec/movtextdec: Fix potential integer overflow
  - avcodec/sunrast: Fix input buffer pointer check
  - avcodec/tscc:  Check side data size before use
  - avcodec/rawdec: Check side data size before use
  - avcodec/msvideo1: Check side data size before use
  - avcodec/qpeg:  Check side data size before use
  - avcodec/qtrle:  Check side data size before use
  - avcodec/msrle:  Check side data size before use
  - avcodec/kmvc:  Check side data size before use
  - avcodec/idcinvideo: Check side data size before use
  - avcodec/cinepak: Check side data size before use
  - avcodec/8bps: Check side data size before use
  - avcodec/dvdsubdec: Fix off by 1 error
  - avcodec/dvdsubdec: Fix buf_size check
  - vp9: change order of operations in adapt_prob().
  - avcodec/interplayvideo: Check side data size before use
  - avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
  - avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer()
  - avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
  - cmdutils: fix typos
  - lavfi: fix typos
  - lavc: fix typos
  - tools: fix grammar error
  - avutil/mips/generic_macros_msa: rename macro variable which causes segfault for mips r6
  - videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
  - avformat/avidec: Check nb_streams in read_gab2_sub()
  - avformat/avidec: Remove ancient assert
  - lavc/movtextdec.c: Avoid infinite loop on invalid data.
  - avcodec/ansi: Check dimensions
  - avcodec/cavsdsp: use av_clip_uint8() for idct

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions