indeo3 decoder lacks buffer checks

Bug #331255 reported by Alex Converse
Affects          Status         Importance   Assigned to   Milestone
FFmpeg           Fix Released   Unknown
ffmpeg (Ubuntu)  Fix Released   Undecided    Unassigned

Bug Description

FFmpeg's indeo3 decoder lacks any sort of buffer checks and is a sitting target for buffer overflow attacks.

I'm especially worried about the web browser -> totem-plugin -> gstreamer-ffmpeg attack vector.

The upstream issue report is at:

https://roundup.mplayerhq.hu/roundup/ffmpeg/issue520

Kees Cook (kees) wrote :

Thank you for using Ubuntu and taking the time to report a bug. Without a specific reproducer, this class of bug will be very hard to solve. Also, crashes (even as shown in the upstream report) do not mean there is a security issue (though some are). Without those details, I will unmark this as a security bug for now.

security vulnerability: yes → no
Changed in ffmpeg (Ubuntu):
status: New → Incomplete
Changed in ffmpeg:
status: Unknown → Confirmed
Changed in ffmpeg:
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 4:0.6~svn20100505-1ubuntu1

---------------
ffmpeg (4:0.6~svn20100505-1ubuntu1) maverick; urgency=low

  * merge from debian/experimental. remaining changes:
    - don't disable encoders
    - don't build against libfaad, libdirac and libopenjpeg (all in universe)

ffmpeg (4:0.6~svn20100505-1) experimental; urgency=low

  * update to new upstream. Closes: #569727
    - fixes various segfaults and other minor feature improvements
      Closes: #374931, #522449, #501891, #559712, #420231, #369127, #538082,
              #298095, #294422, #561553, #525385, #495274, #420230
      LP: #305286, #457106, #529200, #301723, #305315, #336479, #420230,
          #412063, #428912, #432181, #440591, #453732, #453732, #453732,
          #514259, #515243, #521472, #530186, #530186, #197842, #483317,
          #483317, #539407, #280098, #331255, #566107, #569823, #570305,
          #573190
  * Fixup lintian overrides for new upstream snapshot
  * Bump Standards-Version to 3.8.4
  * Many upstream changes, see upstream Changelog for details
 -- Reinhard Tartler <email address hidden> Wed, 26 May 2010 00:01:17 +0200

Changed in ffmpeg (Ubuntu):
status: Incomplete → Fix Released