Update to 2.8.14 in Xenial

Bug #1697785 reported by Amr Ibrahim
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ffmpeg (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned

Bug Description

https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/2.8:/Changelog

version 2.8.13:
- avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
- avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
- avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
- avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
- avcodec/hevc_ps: Fix undefined shift in pcm code
- avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
- avformat/mvdec: Fix DoS due to lack of eof check
- avformat/rl2: Fix DoS due to lack of eof check
- avformat/cinedec: Fix DoS due to lack of eof check
- avformat/asfdec: Fix DoS due to lack of eof check
- avformat/hls: Fix DoS due to infinite loop
- ffprobe: Fix NULL pointer handling in color parameter printing
- ffprobe: Fix null pointer dereference with color primaries
- avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
- avformat/aviobuf: Fix signed integer overflow in avio_seek()
- avformat/mov: Fix signed integer overflows with total_size
- avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
- avcodec/me_cmp: Fix crashes on ARM due to misalignment
- avcodec/fic: Fixes signed integer overflow
- avcodec/snowdec: Fix off by 1 error
- avcodec/diracdec: Check perspective_exp and zrs_exp.
- avcodec/mpeg4videodec: Clear mcsel before decoding an image
- avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
- avcodec/aacdec_fixed: fix invalid shift in predict()
- avcodec/h264_slice: Fix overflow in slice offset
- avformat/utils: fix memory leak in avformat_free_context
- avcodec/dirac_dwt: Fix multiple integer overflows in COMPOSE_DD97iH0()
- avcodec/diracdec: Fix integer overflow in divide3()
- avcodec/takdec: Fix integer overflow in decode_subframe()
- avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2
- avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2
- avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2
- avformat/oggparsecelt: Do not re-allocate os->private
- avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20()
- avcodec/aacdec_fixed: fix: left shift of negative value -1
- doc/filters: typo in frei0r
- avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later
- avcodec/mjpegdec: Clip DC also on the negative side.
- avcodec/aacps (fixed point): Fix multiple signed integer overflows
- avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise()
- avcodec/wavpack: Fix invalid shift
- avcodec/hevc_ps: Fix integer overflow with beta/tc offsets
- avcodec/vb: Check vertical GMC component before multiply
- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
- avcodec/apedec: Fix integer overflow
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/mpeg4videodec: Fix GMC with videos of dimension 1
- avcodec/wavpack: Fix integer overflow
- avcodec/takdec: Fix integer overflow
- avcodec/tiff: Update pointer only when the result is used
- avcodec/hevc_filter: Fix invalid shift
- avcodec/mpeg4videodec: Fix overflow in virtual_ref computation
- avcodec/wavpack: Fix undefined integer negation
- avcodec/aacdec_fixed: Check s for being too small
- avcodec/h264: Fix mix of lossless and lossy MBs decoding
- avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264
- avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4
- avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
- avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows
- avcodec/hevcpred_template: Fix left shift of negative value
- avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
- avcodec/jpeg2000dec: Check nonzerobits more completely
- avcodec/shorten: Sanity check maxnlpc
- avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
- avcodec/hevcdec: Check nb_sps
- avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
- avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
- avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
- avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble()
- avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible
- avcodec/jpeg2000dwt: Fix runtime error: left shift of negative value -123
- avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int'
- avcodec/snowdec: Fix runtime error: left shift of negative value -1
- avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1297616
- avcodec/tiff: Fix leak of geotags[].val
- avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
- avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int'
- avcodec/indeo4: Check remaining data in Pic hdr extension parsing code
- avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
- avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
- avcodec/pafvideo: Fix assertion failure
- avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'

version 2.8.12:
- avcodec/mjpegdec: Check that reference frame matches the current frame
- avcodec/tiff: Avoid loosing allocated geotag values
- avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int'
- avformat/hls: Check local file extensions
- avcodec/qdrw: Fix null pointer dereference
- avutil/softfloat: Fix sign error in and improve documentation of av_int2sf()
- avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
- avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer()
- avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int'
- avcodec/aacps: Fix runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'INTFLOAT' (aka 'int')
- avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
- avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int'
- avcodec/cinepak: Check input packet size before frame reallocation
- avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int'
- avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int'
- avcodec/pnm: Use ff_set_dimensions()
- avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int'
- avformat/avidec: Limit formats in gab2 to srt and ass/ssa
- avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float'
- avcodec/wavpack: Check float_shift
- avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
- avcodec/ansi: Fix frame memleak
- avcodec/jpeg2000dec: Use ff_set_dimensions()
- avcodec/truemotion2: Fix passing null pointer to memset()
- avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
- avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
- avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
- avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
- avcodec/webp: Fixes null pointer dereference
- avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
- avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
- avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
- avcodec/jpeg2000dec: Check tile offsets more completely
- avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
- avcodec/wnv1: More strict buffer size check
- avcodec/libfdk-aacdec: Correct buffer_size parameter
- avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
- avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
- doc/filters: Clarify scale2ref example
- avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
- avcodec/ra144dec: Fix runtime error: left shift of negative value -17
- avformat/mux: Fix copy an paste typo
- avutil/internal: Do not enable CHECKED with DEBUG
- avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
- avcodec/smc: Check remaining input
- avcodec/jpeg2000dec: Fix copy and paste error
- avcodec/jpeg2000dec: Check tile offsets
- avcodec/sanm: Fix uninitialized reference frames
- avcodec/jpeglsdec: Check get_bits_left() before decoding a picture
- avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71
- avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int'
- avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit type 'int'
- avcodec/mpeg4videodec: Check for multiple VOL headers
- avcodec/vmnc: Check location before use
- avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot be represented in type 'int'
- avcodec/aac_defines: Fix: runtime error: left shift of negative value -2
- avcodec/takdec: Fix runtime error: left shift of negative value -63
- avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot be represented in type 'int'
- avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
- avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large for 32-bit type 'int'
- avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message
- avformat/concatdec: fix the h264 annexb extradata check
- avformat/utils: free AVStream.codec properly in free_stream()
- avcodec/options: do a more thorough clean up in avcodec_copy_context()
- avcodec/options: factorize avcodec_copy_context() cleanup code
- avcodec/mlpdec: Do not leave a invalid num_primitive_matrices in the context
- avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large for 32-bit type 'int'
- avcodec/mimic: Use ff_set_dimensions() to set the dimensions
- avcodec/fic: Fix multiple runtime error: signed integer overflow: 5793 * 419752 cannot be represented in type 'int'
- avcodec/mlpdec: Fix: runtime error: left shift of negative value -8
- avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int'
- avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'
- avcodec/aacdec_template: Fix fixed point scale in decode_cce()
- avcodec/flicvideo: Check frame_size before decrementing
- avcodec/mlpdec: Fix runtime error: left shift of negative value -1
- avcodec/takdec: Fix runtime error: left shift of negative value -42
- avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'
- avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962 * 2 cannot be represented in type 'int'
- avcodec/svq3: Fix runtime error: left shift of negative value -6
- avcodec/tiff: reset sampling[] if its invalid
- avcodec/aacps: Fix undefined behavior
- avcodec/opus_silk: Fix integer overflow and out of array read
- avcodec/flacdec: Return error code instead of 0 for failures
- avcodec/snowdec: Check width
- avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decode_frame()
- avcodec/webp: Factor update_canvas_size() out
- avcodec/cllc: Check prefix
- avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'
- avcodec/mpeg4videodec: Clear sprite wraping on unsupported cases in VOP decode
- avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'
- avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'
- libswscale/tests/swscale: Fix uninitialized variables
- avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'
- avcodec/webp: Fix signedness in prefix_code check
- avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'
- avcodec/mlpdec: Check that there is enough data for headers
- avcodec/ac3dec: Keep track of band structure
- avcodec/webp: Add missing input padding
- avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
- avcodec/aacsbr_template: Do not change bs_num_env before its checked
- avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
- avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'
- avcodec/avcodec: Limit the number of side data elements per packet
- avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
- avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'
- avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
- avcodec/msmpeg4dec: Check for cbpy VLC errors
- avcodec/cllc: Check num_bits
- avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
- avcodec/dvbsubdec: Check entry_id
- avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'
- avcodec/mpeg12dec: Fixes runtime error: division by zero
- avcodec/webp: Always set pix_fmt
- avfilter/vf_uspp: Fix currently unused input frame dimensions
- avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
- avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot be represented in type 'int'
- avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot be represented in type 'int'
- avformat/wavdec: Check chunk_size
- avcodec/cavs: Check updated MV
- avcodec/y41pdec: Fix width in input buffer size check
- avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552 cannot be represented in type 'int'
- avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be represented in type 'int'
- avcodec/lagarith: Check scale_factor
- avcodec/lagarith: Fix runtime error: left shift of negative value -1
- avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
- avcodec/indeo2: Check for invalid VLCs
- avcodec/htmlsubtitles: Check for string truncation and return error
- avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'
- avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'
- avcodec/dvbsubdec: check region dimensions
- avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'
- avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()
- avcodec/cavsdec: Check sym_factor
- avcodec/cdxl: Check format for BGR24
- avcodec/ffv1dec: Fix copying planes of paletted formats
- avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'
- avcodec/xwddec: Check bpp more completely
- avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
- avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'
- avcodec/g726: Fix runtime error: left shift of negative value -2
- avcodec/ra144: Fix runtime error: left shift of negative value -798
- avcodec/mss34dsp: Fix multiple signed integer overflow
- avcodec/targa_y216dec: Fix width type
- avcodec/ivi_dsp: Fix multiple left shift of negative value -2
- avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'
- avcodec/msmpeg4dec: Correct table depth
- avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
- avcodec/cdxl: Check format parameter
- avutil/softfloat: Fix overflow in av_div_sf()
- avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
- avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from
- avcodec/shorten: Check k in get_uint()
- avcodec/webp: Fix null pointer dereference
- avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
- avcodec/mimic: Fix runtime error: left shift of negative value -1
- avcodec/fic: Fix multiple left shift of negative value -15
- avcodec/mlpdec: Fix runtime error: left shift of negative value -22
- avcodec/snowdec: Check qbias
- avutil/softfloat: Fix multiple runtime error: left shift of negative value -8
- avcodec/aacsbr_template: Do not leave bs_num_env invalid
- avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in type 'int'
- avcodec/dfa: Fix off by 1 error
- avcodec/nellymoser: Fix multiple left shift of negative value -8591
- avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in type 'int'
- avcodec/g722: Fix multiple runtime error: left shift of negative value -1
- avcodec/dss_sp: Fix multiple left shift of negative value -466
- avcodec/wnv1: Fix runtime error: left shift of negative value -1
- avcodec/tiertexseqv: set the fixed dimenasions, do not depend on the demuxer doing so
- avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'
- avcodec/cavsdec: Fix undefined behavior from integer overflow
- avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be represented in type 'int'
- libavcodec/mpeg4videodec: Convert sprite_offset to 64bit
- avcodec/pngdec: Use ff_set_dimensions()
- avcodec/msvideo1: Check buffer size before re-getting the frame
- avcodec/h264_cavlc: Fix undefined behavior on qscale overflow
- avcodec/svq3: Increase offsets to prevent integer overflows
- avcodec/indeo2: Check remaining bits in ir2_decode_plane()
- avcodec/vp3: Check remaining bits in unpack_dct_coeffs()
- avcodec/mdec: Fix runtime error: left shift of negative value -127
- libavcodec/exr : fix float to uint16 conversion for negative float value
- avformat/webmdashenc: Validate the 'streams' adaptation sets parameter
- avformat/webmdashenc: Require the 'adaptation_sets' option to be set
- avcodec/dvdsubdec: Fixes 2 runtime error: left shift of 170 by 24 places cannot be represented in type 'int'
- avfilter/avfiltergraph: Add assert to write down in machine readable form what is assumed about sample rates in swap_samplerates_on_filter()
- avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit
- avcodec/vdpau_hevc: Fix potential out-of-bounds write
- avcodec/tiff: Check geotag count for being non zero
- avcodec/vp56: Check avctx->error_concealment before enabling EC
- avcodec/tiff: Check stripsize strippos for overflow
- avcodec/mpegaudiodec_template: Make l3_unscale() work with e=0
- avcodec/tiff: Check for multiple geo key directories
- avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
- avcodec/rv34: Fix runtime error: signed integer overflow: 36880 * 66288 cannot be represented in type 'int'
- avcodec/amrwbdec: Fix runtime error: left shift of negative value -1
- avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int'
- avcodec/h264_mvpred: Fix runtime error: left shift of negative value -1
- avcodec/mjpegdec: Fix runtime error: left shift of negative value -127
- avcodec/wavpack: Fix runtime error: left shift of negative value -5
- avcodec/wavpack: Fix runtime error: left shift of negative value -2
- avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 134527392 * 16 cannot be represented in type 'int'
- avcodec/mpeg12dec: Fix runtime error: left shift of negative value -13
- avcodec/h264_mvpred: Fix multiple runtime error: left shift of negative value
- avcodec/adxdec: Fix runtime error: left shift of negative value -1
- avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory()
- avcodec/mjpegdec: Fix runtime error: left shift of negative value -511
- avcodec/h264_direct: Fix runtime error: left shift of negative value -14
- avcodec/pictordec: Check plane value before doing value/mask computations
- avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
- avcodec/eac3dec: Fix runtime error: left shift of negative value -3
- avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2
- avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
- avcodec/mpeg4videodec: Check sprite_offset in addition to shifts
- avcodec/mpeg4video: Fix runtime error: left shift of negative value
- avcodec/ituh263dec: Fix runtime error: left shift of negative value -22
- avcodec/rv40: Fix runtime error: left shift of negative value
- avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'
- avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
- avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
- avcodec/eac3dec: Fix runtime error: left shift of negative value
- avcodec/vp6: clear dimensions on failed resolution change in vp6_parse_header()
- avcodec/vp56: Reset have_undamaged_frame on resolution changes
- avcodec/vp8: Fix hang with slice threads
- avcodec/vp8: Check for the bitstream end per MB in decode_mb_row_no_filter()
- avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()
- avcodec/vp8: remove redundant check
- avcodec/vp56: Require a correctly decoded frame before using vp56_conceal_mb()
- avcodec/vp3: Do not return random positive values but the buf size
- avcodec/vp8: Check for bitsteam end in decode_mb_row_no_filter()
- avcodec/vp56: Factorize vp56_render_mb() out
- avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'
- Add CHECK/SUINT code
- avcodec/mpeg12dec: Fix runtime error: left shift of negative value -1
- avcodec/vp56: Clear dimensions in case of failure in the middle of a resolution change
- avcodec/vp56: Implement very basic error concealment
- avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
- avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'
- avcodec/vp56: Fix sign typo
- avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
- avcodec/rv34: Simplify and factor get_slice_offset() code
- avcodec/pictordec: Do not read more than nb_planes
- avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'
- avcodec/pngdec: Check bit depth for validity
- avcodec/mpeg12dec: Fix runtime error: left shift of negative value
- avcodec/wavpacl: Fix runtime error: left shift of negative value -1
- avformat/http: Check for truncated buffers in http_connect()
- (github/release/2.8) avformat/apng: fix setting frame delay when max_fps is set to no limit
- swresample/resample: free existing ResampleContext on reinit
- swresample/resample: move resample_free() higher in the file
- lavf/mpeg: Initialize a stack variable used by memcmp().
- lavc/avpacket: Initialize a variable in error path.

information type: Public → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in ffmpeg (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: Update to 2.8.12 in Xenial

[Expired for ffmpeg (Ubuntu) because there has been no activity for 60 days.]

Changed in ffmpeg (Ubuntu):
status: Incomplete → Expired
Changed in ffmpeg (Ubuntu):
status: Expired → New
summary: - Update to 2.8.12 in Xenial
+ Update to 2.8.13 in Xenial
description: updated
Changed in ffmpeg (Ubuntu):
status: New → Confirmed
Revision history for this message
James Cowgill (jcowgill) wrote : Re: Update to 2.8.13 in Xenial

Debdiff for updating from 2.8.11 to 2.8.14 is attached. The only change other than importing the new upstream version is a change to debian/gbp.conf which should have no impact on the generated binaries (it only affects my git packaging).

Git repo on salsa: https://salsa.debian.org/multimedia-team/ffmpeg/commits/ubuntu/xenial

I have:
- Checked the list of fixed CVEs.
- Verified the package builds in xenial.
- Verified the packages install + upgrade from the current version in xenial-security.
- Verified the autopkgtests pass.
- Run some smoke tests to make sure the basic parts still work.

Since this is a massive update, so I have not had time to verify each specific bug.

summary: - Update to 2.8.13 in Xenial
+ Update to 2.8.14 in Xenial
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff in comment #3. Package is being released now.

Thanks!

Changed in ffmpeg (Ubuntu):
status: Confirmed → Invalid
Changed in ffmpeg (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:2.8.14-0ubuntu0.16.04.1

---------------
ffmpeg (7:2.8.14-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream bugfix release. (LP: #1697785)
    - Fixes CVE-2017-9991, CVE-2017-9992, CVE-2017-9993, CVE-2017-9994,
      CVE-2017-9996, CVE-2017-11399, CVE-2017-11665, CVE-2017-14055,
      CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059,
      CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222,
      CVE-2017-14223, CVE-2017-14225, CVE-2017-15672, CVE-2017-17081.

 -- James Cowgill <email address hidden> Tue, 10 Apr 2018 14:49:07 +0100

Changed in ffmpeg (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.