Bug 2076764 (CVE-2022-1475)

Summary: CVE-2022-1475 ffmpeg: integer overflow in g729_parse() in llibavcodec/g729_parser.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: hnguyen, igor.raits, kde-sig, kevin, leigh123linux, neuro-sig, rdieter, xavier
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-26 18:15:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2076766, 2076765, 2076767, 2076768, 2076769    
Bug Blocks: 2076324, 2078928    

Description Guilherme de Almeida Suckevicz 2022-04-19 19:29:30 UTC
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. This issue leads to DoS.

Reference:
https://trac.ffmpeg.org/ticket/9651

Upstream patch:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8

Comment 1 Guilherme de Almeida Suckevicz 2022-04-19 19:29:59 UTC
Created nv-codec-headers tracking bugs for this issue:

Affects: epel-all [bug 2076765]
Affects: fedora-all [bug 2076767]


Created python-mne tracking bugs for this issue:

Affects: fedora-all [bug 2076768]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2076766]
Affects: fedora-all [bug 2076769]

Comment 2 leigh scott 2022-04-19 22:15:08 UTC
(In reply to Guilherme de Almeida Suckevicz from comment #1)
> Created nv-codec-headers tracking bugs for this issue:
> 
> Affects: epel-all [bug 2076765]
> Affects: fedora-all [bug 2076767]
> 


You should have filed the nv-codec-headers reports against ffmpeg, I have reassigned them.

Comment 3 leigh scott 2022-04-19 22:21:37 UTC
Also 5.0.1 has the commit that fixes the issue

https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/heads/release/5.0

Comment 4 Product Security DevOps Team 2022-04-26 18:15:15 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Comment 5 hnguyen66 2022-06-06 19:49:34 UTC
Both ffmpeg version 5.0.1 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n5.0.1) and 4.4.2 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n4.4.2) contains the fix commit 757da974b21833529cc41bdcc9684c29660cdfa8. Can we update the CVE's affected range to reflect this?

Comment 6 Guilherme de Almeida Suckevicz 2022-06-10 14:07:33 UTC
Done.