Red Hat Bugzilla – Bug 861223
CVE-2012-2774 ffmpeg-spice: possible denial of service via memory corruption in mpeg video handling
Last modified: 2014-06-13 13:38:02 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2774 to
the following vulnerability:
The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg
before 0.11 allows remote attackers to cause a denial of service
(memory corruption) via unspecified vectors, related to starting "a
frame outside SETUP state."
NOTE: I'm not sure this actually affects us; I'm not familiar enough with the code to make this call. While we don't have the ff_MPV_frame_start() function, we do have a (quite similar) MPV_frame_start() function. The upstream git commit refers to this fix as:
"This fixes race conditions that ultimately lead to memory corruption."
From the look of the patch, it looks like it implements some thread handling, but my impression is that our use of mpeg streaming here is single-threaded in that encoder. In light of that, I don't believe this is a flaw for ffmpeg-spice due to how it is used, but it should be checked by a developer familiar with the code.
According to the comments above, this isn't really a security issue in RHEL6.