July 2013 libav security tracking bug
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libav (Ubuntu) | Fix Released | Medium | Unassigned | |
Precise | Fix Released | Medium | Marc Deslauriers | |
Quantal | Fix Released | Medium | Marc Deslauriers | |
Raring | Fix Released | Medium | Marc Deslauriers | |
Saucy | Fix Released | Medium | Marc Deslauriers | |
Trusty | Fix Released | Medium | Unassigned | |
Bug Description
This is a bug to track the July 2013 libav security updates:
- kmvc: Clip pixel position to valid range
- kmvc: use fixed sized arrays in the context
- indeo: use a typedef for the mc function pointer
- lavc: check for overflow in init_get_bits
- mjpegdec: properly report unsupported disabled features
- jpegls: return meaningful errors
- jpegls: factorize return paths
- jpegls: check the scan offset
- wavpack: validate samples size parsed in wavpack_
- ljpeg: use the correct number of components in yuv
- mjpeg: Validate sampling factors
- mjpegdec: validate parameters in mjpeg_decode_
- wavpack: check packet size early
- wavpack: return meaningful errors
- apetag: use int64_t for filesize
- tiff: do not overread the source buffer
- Prepare for 0.8.8 Release
- smacker: fix an off by one in huff.length computation
- smacker: check the return value of smacker_decode_tree
- smacker: pad the extradata allocation
- smacker: check frame size validity
- vmdav: convert to bytestream2
- 4xm: don't rely on get_buffer() initializing the frame.
- 4xm: check the return value of read_huffman_
- 4xm: use the correct logging context
- 4xm: reject frames not compatible with the declared version
- 4xm: check bitstream_size boundary before using it
- 4xm: do not overread the source buffer in decode_p_block
Changed in libav (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Quantal):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Raring):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Saucy):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
Changed in libav (Ubuntu Trusty):
status: Confirmed → Fix Released
For Precise, Quantal and Raring, also includes fixes from 0.8.7:
- avfiltergraph: check for sws opts being non-NULL before using them
- bmv: check for len being valid in bmv_decode_frame()
- dfa: check for invalid access in decode_wdlt()
- indeo3: check motion vectors
- indeo3: fix data size check
- indeo3: switch parsing the header to bytestream2
- lavf: make sure stream probe data gets freed.
- oggdec: fix faulty cleanup prototype
- oma: Validate sample rates
- qdm2: check that the FFT size is a power of 2
- rv10: check that extradata is large enough
- xmv: check audio track parameters validity
- xmv: do not leak memory in the error paths in xmv_read_header()
- aac: check the maximum number of channels
- indeo3: fix off by one in MV validity check, Bug #503
- id3v2: check for end of file while unescaping tags
- wav: Always seek to an even offset, Bug #500, LP: #1174737
- proresdec: support mixed interlaced/non-interlaced content