[Bug 1143556] New: VUL-1: CVE-2019-14441: libav: access violation allows remote attackers to cause a denial of service
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556

Bug ID: 1143556
Summary: VUL-1: CVE-2019-14441: libav: access violation allows remote attackers to cause a denial of service
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/238326/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: alarrosa@suse.com
Reporter: atoptsoglou@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-14441

An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14441
https://bugzilla.libav.org/show_bug.cgi?id=1161#c0

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556

Alexandros Toptsoglou <atoptsoglou@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|VUL-1: CVE-2019-14441:      |VUL-0: CVE-2019-14441:
                   |libav: access violation     |libav: access violation
                   |allows remote attackers to  |allows remote attackers to
                   |cause a denial of service   |cause a denial of service
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556#c1

--- Comment #1 from Alexandros Toptsoglou <atoptsoglou@suse.com> ---
The upstream bug, which includes POCs, is at [1]. It seems that this issue is currently open. TW, Leap 15 and 15.1 should be affected.

[1] https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556#c2

Antonio Larrosa <alarrosa@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|alarrosa@suse.com           |security-team@suse.de

--- Comment #2 from Antonio Larrosa <alarrosa@suse.com> ---
Note that our libav package has this in %prep:

rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools package.

I tested the poc files in Leap 15.0 and TW. In both cases, error messages are shown and no crash happens, so we don't seem to be affected:

avconv -i poc2-SegFaultOnPcNearNull.qt -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
  built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x56432a96e680] stream 0, offset 0x10b8: partial file
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x56432a96e680] Could not find codec parameters for stream 1 (Video: mjpeg (mjpa / 0x61706A6D), none(bt470bg/unknown/unknown, top first), 160x120, 36 kb/s): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'poc2-SegFaultOnPcNearNull.qt':
  Metadata:
    major_brand : qt
    minor_version : 537199360
    compatible_brands: qt
    creation_time : 2012-10-29T23:55:03.000000Z
  Duration: 07:47:14.03, start: 0.000000, bitrate: 0 kb/s
    Stream #0:0(eng): Audio: qdm2 (QDM2 / 0x324D4451), 48000 Hz, 2 channels (default)
    Metadata:
      rotate : 0.222935
      creation_time : 2012-10-29T23:55:03.000000Z
      handler_name : Procedura obs�ugi skr�t�w danych Apple
    Stream #0:1(eng): Video: mjpeg (mjpa / 0x61706A6D), none(bt470bg/unknown/unknown, top first), 160x120, 36 kb/s, 0.25 fps, 0.25 tbr, 1 tbn, 1 tbc (default)
    Metadata:
      rotate : 0.222935
      creation_time : 2012-10-29T23:55:03.000000Z
      handler_name : Procedura obs�ugi skr�t�w danych Apple
      encoder : Motion JPEG A
    Side data:
      displaymatrix: rotation of -0.22 degrees
At least one output file must be specified

avconv -i poc3-FloatingPointException -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
  built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
Ignoring attempt to set invalid timebase 1/0 for st:0
[ape @ 0x55bb8c0fc680] Could not find codec parameters for stream 0 (Audio: ape (APE / 0x20455041), 1 channels): unspecified sample format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, ape, from 'poc3-FloatingPointException':
  Duration: 03:04:56.93, start: 0.000000, bitrate: 0 kb/s
    Stream #0:0: Audio: ape (APE / 0x20455041), 1 channels
At least one output file must be specified

So I suggest marking this as resolved/invalid
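
A triage helper for reproduction runs like the two above, added here as an example and not part of the original thread or of any SUSE or Libav tooling. It classifies one avconv run from its exit status and stderr; the function names, the exit status 1 used in the samples and the `-f null -` invocation in `run_poc` are assumptions of this example, and the sample stderr strings are constructed from the messages quoted on this page.

```shell
#!/bin/sh
# Added example: classify an avconv PoC reproduction run.

# classify_run STATUS STDERR_TEXT
# Prints: crash:signal-N | inconclusive | handled-error | clean
classify_run() {
    status=$1
    stderr_text=$2
    # A shell reports a child killed by signal N as exit status 128+N
    # (SIGSEGV=11 -> 139, SIGFPE=8 -> 136).
    if [ "$status" -gt 128 ]; then
        echo "crash:signal-$((status - 128))"
        return 0
    fi
    # avconv reported that it had no output to write, so the run
    # says nothing about how the decoder handles the file.
    case $stderr_text in
        *"At least one output file must be specified"*)
            echo "inconclusive"
            return 0 ;;
    esac
    if [ "$status" -eq 0 ]; then echo "clean"; else echo "handled-error"; fi
}

# run_poc FILE: decode FILE into the null muxer and classify the result.
# Assumes avconv is installed; not called by the demo below.
run_poc() {
    err=$(avconv -nostdin -i "$1" -f null - 2>&1 >/dev/null) && rc=0 || rc=$?
    classify_run "$rc" "$err"
}

# Demo on constructed inputs (exit statuses are assumed, not from the page).
demo() {
    classify_run 1 "Trailing options were found on the commandline.
At least one output file must be specified"
    classify_run 139 ""
    classify_run 136 ""
    classify_run 1 "Invalid data found when processing input"
}
demo
```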
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556#c3

Alexandros Toptsoglou <atoptsoglou@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Alexandros Toptsoglou <atoptsoglou@suse.com> ---
comment 1