Bug 2275840 (CVE-2024-31578, CVE-2024-31581, CVE-2024-31582, CVE-2024-31585)

Summary: CVE-2024-31581 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585 ffmpeg: multiple vulnerabilities
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2275842, 2275843, 2275844, 2275845, 2275841    
Bug Blocks:    

Description Patrick Del Bello 2024-04-18 02:25:07 UTC 
CVE-2024-31578
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179
https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

-

CVE-2024-31585
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06

-

CVE-2024-31582
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

https://gist.github.com/1047524396/b47d5efe3bc420fb91dbb77c73c0fff3
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavfilter/vf_codecview.c#L220
https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2

-

CVE-2024-31581
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

https://gist.github.com/1047524396/a7e9273e12553775826784035333cdd8
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/cbs_h266_syntax_template.c#L2048
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
Comment 1 Patrick Del Bello 2024-04-18 02:25:36 UTC 
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2275841]


Created ffmpeg tracking bugs for this issue:

Affects: fedora-all [bug 2275843]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2275842]
Affects: fedora-all [bug 2275844]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2275845]