Bug 1112440 (CVE-2014-4610)
Summary: | CVE-2014-4610 ffmpeg: av_lzo1x_decode() integer overflow | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | bdpepple, bnocera, jgrulich, kem, mike, mmcallis, otte, pmatouse, security-response-team, uraeus, wtaymans |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-06-30 05:16:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1113866 | | |
Bug Blocks: | 1112414 | | |

Description
Kurt Seifried
2014-06-24 00:56:28 UTC
Please note that gstreamer-plugins-good contains an embedded copy of lzo.c from ffmpeg:

commit c4912dac78c8d47e9c980ff74ceea667434ff764
Author: Sebastian Dröge <slomo>
Date: Sat Aug 2 18:18:05 2008 +0000

    Decode the codec private data and following ContentEncoding if necessary.

    Original commit message from CVS:
    * configure.ac:
    * gst/matroska/Makefile.am:
    * gst/matroska/lzo.c: (get_byte), (get_len), (copy), (copy_backptr), (lzo1x_decode), (main):
    * gst/matroska/lzo.h:
    * gst/matroska/matroska-demux.c: (gst_matroska_demux_read_track_encoding), (gst_matroska_decompress_data), (gst_matroska_decode_data), (gst_matroska_decode_buffer), (gst_matroska_decode_content_encodings), (gst_matroska_demux_read_track_encodings), (gst_matroska_demux_add_stream), (gst_matroska_demux_parse_blockgroup_or_simpleblock):
    * gst/matroska/matroska-ids.h:
    Decode the codec private data and following ContentEncoding if necessary.
    Support bzip2, lzo and header stripped compression.
    For lzo use the ffmpeg lzo implementation as liblzo is GPL licensed.
    Fix zlib decompression.

This issue is public: http://seclists.org/oss-sec/2014/q2/668

Created gstreamer-plugins-good tracking bugs for this issue:

Affects: fedora-all [bug 1113866]

This issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (> 2^24 bytes) untrusted compressed bytes within a single function call.

The following packages in Red Hat Enterprise Linux embed lzo, but none of them use such large buffer sizes and therefore are not affected by this flaw:

rhel-5/qffmpeg
rhel-5/gstreamer-plugins-good
rhel-6/gstreamer-plugins-good
rhel-7/gstreamer-plugins-good
rhel-7/gstreamer1-plugins-good

Statement:

Not vulnerable. This issue does not affect the version of qffmpeg as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of gstreamer-plugins-good as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue does not affect the version of gstreamer1-plugins-good as shipped with Red Hat Enterprise Linux 7. This issue does not affect the version of gstreamer-plugins-good, gstreamer1-plugins-good and mingw-gstreamer-plugins-good as shipped with Fedora 19 and 20.

Upstream commit:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee

Additional asserts to detect overflows:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cf2b7c01f81c1fb3283a1390c0ca9a2f81f4f4a8

The above commits in the github mirror of FFmpeg repository:
https://github.com/FFmpeg/FFmpeg/commit/d6af26c55c1ea30f85a7d9edbc373f53be1743ee
https://github.com/FFmpeg/FFmpeg/commit/cf2b7c01f81c1fb3283a1390c0ca9a2f81f4f4a8

Blog post and security report from the original reporter:
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
https://www.securitymouse.com/lms-2014-06-16-4
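
The "more than 16 MiB (> 2^24 bytes)" threshold quoted above, worked through as an added example (not code from ffmpeg, gstreamer or this bug report). It is a simplified model of LZO-style run-length decoding, where every zero byte adds 255 to a length, shown unchecked and with a bounds check; the function names, status codes and the `limit` parameter are assumptions for illustration, and the input buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { LEN_OK = 0, LEN_TRUNCATED = -1, LEN_OVERFLOW = -2 }; /* hypothetical status codes */

/* Unchecked form: a 32-bit counter grows by 255 per zero byte and silently wraps. */
static uint32_t len_unchecked(const uint8_t *in, size_t n, uint32_t mask)
{
    uint32_t cnt = 0; size_t i = 0;
    while (i < n && in[i] == 0) { cnt += 255; i++; }
    if (i < n) cnt += mask + in[i];
    return cnt;
}

/* Checked form: reject any length above `limit` (assumed: space left in the output). */
static int len_checked(const uint8_t *in, size_t n, uint32_t mask,
                       uint32_t limit, uint32_t *out)
{
    uint32_t cnt = 0, tail; size_t i = 0;
    while (i < n && in[i] == 0) {
        if (limit < 255 || cnt > limit - 255) return LEN_OVERFLOW;
        cnt += 255; i++;
    }
    if (i == n) return LEN_TRUNCATED;          /* input ended inside the zero run */
    tail = mask + in[i];
    if (tail > limit || cnt > limit - tail) return LEN_OVERFLOW;
    *out = cnt + tail;
    return LEN_OK;
}

/* Constructed sample input: `zeros` zero bytes followed by one terminator byte. */
static uint8_t *make_run(size_t zeros, uint8_t last, size_t *n)
{
    uint8_t *buf = calloc(zeros + 1, 1);
    if (buf) { buf[zeros] = last; *n = zeros + 1; }
    return buf;
}

int main(void)
{
    size_t n; uint32_t len = 0;
    uint8_t *buf = make_run(0x01010101u, 1, &n); /* 16843009 zero bytes, just over 2^24 */
    if (!buf) return 1;
    printf("unchecked: %u\n", (unsigned)len_unchecked(buf, n, 15));
    printf("checked:   %d\n", len_checked(buf, n, 15, 1u << 20, &len));
    free(buf);
    return 0;
}
```

With 0x01010101 zero bytes the counter reaches exactly 0xFFFFFFFF, so adding the final `mask + byte` wraps it to a small value; a run that long cannot occur when the caller only ever passes buffers well under 16 MiB.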