Alexander Dahl
  1. Alexander Dahl

buildroot

Public

Commits

Peter Korsgaard
6918f13762e
Peter Korsgaard committed 2ca9ecd2060
ffmpeg: security bump to version 3.2.7

Fixes the following security issues (https://ffmpeg.org/security.html):

3.2.4:

CVE-2017-5024 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

CVE-2017-5025 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

3.2.5:

CVE-2017-9991 - Heap-based buffer overflow in the xwd_decode_frame function
in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x
before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file.

CVE-2017-9992 - Heap-based buffer overflow in the decode_dds1 function in
libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before
3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted file.

CVE-2017-9994 - libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before
3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does
not ensure that pix_fmt is set, which allows remote attackers to cause a
denial of service (heap-based buffer overflow and application crash) or
possibly have unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-9996 - The cdxl_decode_frame function in libavcodec/cdxl.c in
FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x
before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified other
impact via a crafted file.

3.2.6:

CVE-2017-9608 - NULL pointer exception.

CVE-2017-9993 - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x
before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live
Streaming filename extensions and demuxer names, which allows attackers to
read arbitrary files via crafted playlist data.

3.2.7:

CVE-2017-11399 - Integer overflow in the ape_decode_frame function in
libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause
a denial of service (out-of-array access and application crash) or possibly
have unspecified other impact via a crafted APE file.

CVE-2017-11665 - The ff_amf_get_field_value function in
libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a
denial of service (Segmentation Violation and application crash) via a
crafted stream.

CVE-2017-11719 - The dnxhd_decode_header function in libavcodec/dnxhddec.c
in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service
(out-of-array access) or possibly have unspecified other impact via a
crafted DNxHD file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>