Update FFmpeg to 3.4.7 in Bionic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ffmpeg (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
https:/
version 3.4.7:
- avcodec/g729dec: require buf_size to be non 0
- avcodec/alac: Fix integer overflow in lpc_prediction() with sign
- avcodec/wmaprodec: Fix buflen computation in save_bits()
- avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_
- avcodec/vmdaudio: Check chunk counts to avoid integer overflow
- avformat/mxfdec: Clear metadata_sets_count in mxf_read_close()
- avcodec/nuv: Use ff_set_dimensions()
- avcodec/
- avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel()
- avcodec/g729dec: Use 64bit and clip in scalar product
- avcodec/mxpegdec: Check for multiple SOF
- avcodec/nuv: Move comptype check up
- avcodec/wmavoice: Fix integer overflow in synth_frame()
- avcodec/rawdec: Check bits_per_
- avutil/lfg: Correct index increment type to avoid undefined behavior
- avcodec/cngdec: Remove AV_CODEC_CAP_DELAY
- avcodec/iff: Move index use after check in decodeplane8()
- avcodec/atrac3: Check for huge block aligns
- avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block()
- avcodec/wmadec: Require previous exponents for reuse
- avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling
- avcodec/qdm2: The smallest header seems to have 2 bytes so treat 1 as invalid
- avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter()
- avcodec/sonic: Fix integer overflow in predictor_
- avformat/mp3dec: Check that the frame fits within the probe buffe
- lavc/tableprint
- avcodec/wmaprodec: get frame during frame decode
- avcodec/
- avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI
- avcodec/cook: Move up and extend block_align check
- avcodec/twinvq: Check block_align
- avcodec/cook: Enlarge gain table
- avcodec/cook: Check samples_per_channel earlier
- avcodec/atrac3plus: Check split point in fill mode 3
- avcodec/wmavoice: Check sample_rate
- avcodec/xsubdec: fix overflow in alpha handling
- avcodec/iff: Check available space before entering loop in decode_
- avcodec/apedec: Fix integer overflow in filter_3800()
- avutil/lfg: Document the AVLFG struct
- avcodec/ffv1dec: Use a different error message for the slice level CRC
- avcodec/apedec: Fix undefined integer overflow in long_filter_
- avcodec/dstdec: Check that AC probabilities are within range
- avcodec/dstdec: Check read_table() for failure
- avcodec/snowenc: Set mb_num to avoid ratecontrol floating point divisions by 0.0
- avcodec/snowenc: Fix 2 undefined shifts
- avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags()
- avcodec/
- avcodec/
- avcodec/utils: Check block_align
- avcodec/
- avcodec/adpcm: Fix invalid shifts in ADPCM DTK
- avcodec/apedec: Only clear the needed buffer space, instead of all
- avcodec/
- avcodec/g723_1dec: fix invalid shift with negative sid_gain
- avcodec/vp5: Check render_x/y
- avcodec/qdrw: Check input for header/skiped space before get_buffer()
- avcodec/ralf: Skip initializing unused filter variables
- avcodec/takdec: Fix overflow with large sample rates
- avcodec/alsdec: Check that input space for header exists in read_diff_
- avformat/pjsdec: Check duration for overflow
- avcodec/ptx: Check that the input contains at least one line
- avcodec/alac: Fix integer overflow in LPC
- avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
- avcodec/
- avcodec/
- avcodec/vc1_block: Fixes integer overflow in vc1_decode_
- avcodec/
- avcodec/
- avcodec/binkaudio: Check sample rate
- avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS
- avcodec/g723_1dec: Fix overflow in shift
- avcodec/apedec: Fix integer overflow in predictor_
- avcodec/
- avcodec/
- avcodec/lsp: Fix undefined shifts in lsp2poly()
- avcodec/adpcm: Fix left shifts in AV_CODEC_
- avformat/
- avfilter/vf_geq: Use av_clipd() instead of av_clipf()
- avcodec/wmaprodec: Check that the streams channels do not exceed the overall channels
- avcodec/qdmc: Check input space in qdmc_get_vlc()
- avcodec/pcm: Check bits_per_
- avcodec/exr: Allow duplicate use of channel indexes
- avcodec/fitsdec: Fail on 0 naxisn
- avcodec/ituh263dec: Check input for minimal frame size
- avcodec/
- avformat/mpsubdec: Clear queue on error
- avcodec/sunrast: Check that the input is large enough for the maximally compressed image
- avcodec/sunrast: Check for availability of maplength before allocating image
- avformat/subtitles: Check nb_subs in ff_subtitles_
- avcodec/wmaprodec: Check if there is a stream
- avcodec/g2meet: Check for end of input in jpg_decode_block()
- avcodec/g2meet: Check if adjusted pixel was on the stack
- avformat/
- avcodec/utils: Check sample_rate before opening the decoder
- avcodec/fitsdec: fix use of uninitialised values
- avcodec/
- avcodec/ralf: Fix integer overflow in decode_channel()
- vcodec/vc1: compute rangex/y only for P/B frames
- avcodec/vc1_pred: Fix invalid shifts in scaleforopp()
- avcodec/vc1_block: Fix invalid shift with rangeredfrm
- avcodec/vc1: Check for excessive resolution
- avcodec/vc1: check REFDIST
- avcodec/apedec: Fix several integer overflows in predictor_
- avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_
- avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
- avcodec/atrac3: Check block_align
- avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop
- avcodec/fitsdec: Prevent division by 0 with huge data_max
- avcodec/dstdec: Fix integer overflow in samples_per_frame computation
- avcodec/
- avcodec/utils: Optimize ff_color_frame() using memcpy()
- avcodec/aacdec: Check if we run out of input in read_stream_
- avcodec/utils: Use av_memcpy_backptr() in ff_color_frame()
- avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL
- avcodec/alac: Fix invalid shifts in 20/24 bps
- avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()
- avcodec/
- avcodec/adpcm: Check number of channels for MTAF
- avcodec/sunrast: Fix indention
- avcodec/sunrast: Fix return type for "unsupported (compression) type"
- avformat/mov: Check for EOF in mov_read_meta()
- avcodec/hevcdec: Fix memleak of a53_caption
- avformat/cdxl: Fix integer overflow in intermediate
- avcodec/hevcdec: repeat character in skiped
- avcodec/gdv: Replace assert() checking bitstream by if()
- libavcodec/utils: Free threads on init failure
- avcodec/
- avcodec/alsdec: Check k from being outside what our implementation can handle
- avcodec/takdec: Fix integer overflow in decorrelate()
- avcodec/aacps: Fix integer overflows in hybrid_synthesis()
- avcodec/vp56rac: delay signaling an error on truncated input
- avcodec/vp5/6/8: use vpX_rac_is_end()
- avcodec/vp56: Add vpX_rac_is_end() to check for the end of input
- avcodec/qdm2: Check frame size
- avcodec/vc1_pred: Fix refdist in scaleforopp()
- avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2
- avcodec/iff: Check for overlap in cmap_read_palette()
- avcodec/apedec: Fix 32bit int overflow in do_apply_filter()
- avcodec/ralf: fix undefined shift in extend_code()
- avcodec/ralf: fix undefined shift
- avcodec/bgmc: Check input space in ff_bgmc_
- avcodec/
- avcodec/vc1dec: Require res_sprite for wmv3images
- avcodec/vc1_block: Check for double escapes
- avcodec/vorbisdec: Check get_vlc2() failure
- avcodec/tta: Fix integer overflow in prediction
- avcodec/vb: Check input packet size to be large enough to contain flags
- avcodec/cavsdec: Limit the number of access units per packet to 2
- avcodec/alac: Check for bps of 0
- avcodec/alac: Fix multiple integer overflows in lpc_prediction()
- avcodec/rl2: set dimensions
- avcodec/aacdec: Add FF_CODEC_
- avcodec/idcinvideo: Add 320x240 default maximum resolution
- avformat/
- avcodec/alsdec: Fix integer overflow in decode_
- avcodec/alsdec: Limit maximum channels to 512
- avcodec/anm: Check input size for a frame with just a stop code
- avcodec/flicvideo: Optimize and Simplify FLI_COPY in flic_decode_
- avcodec/loco: Check left column value
- avcodec/
- avcodec/
- avcodec/indeo2: Check remaining input more often
- avcodec/diracdec: Check that slices are fewer than pixels
- avcodec/vp56: Consider the alpha start as end of the prior header
- avcodec/4xm: Check for end of input in decode_p_block()
- avcodec/hevcdec: Check delta_luma_
- avcodec/hnm4video: Optimize postprocess_
- avcodec/hevc_refs: Optimize 16bit generate_
- avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33
- avcodec/dds: Use ff_set_dimensions()
- avcodec/mpc8: Fix 32bit mask/enum
- avcodec/alsdec: Fix integer overflows of raw_samples in decode_
- avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()
- avcodec/alsdec: fix mantisse shift
- avcodec/
- libavcodec/iff: Use unsigned to avoid undefined behaviour
- avcodec/alsdec: Check for block_length <= 0 in read_var_
- avcodec/vqavideo: Set video size
- avcodec/sanm: Check extradata_size before allocations
- avcodec/mss1: check for overread and forward errors
- avcodec/
- avcodec/ralf: Fix undefined pointer in decode_channel()
- avcodec/ralf: Fix integer overflow in apply_lpc()
- avcodec/vorbisdec: Implement vr->classifications = 1
- avcodec/vorbisdec: Check parameters in vorbis_
- avformat/
- avcodec/apedec: Fix 2 signed overflows
- avcodec/mss3: Check for the rac stream being invalid in rac_normalize()
- avcodec/vc1_block: Check get_vlc2() return before use
- avcodec/apedec: Do not partially clear data array
- avcodec/hnm4video: Forward errors of decode_
- avcodec/vp3: Check that theora is theora
- avcodec/vc1_pred: Fix invalid shift in scaleforsame()
- avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()
- avcodec/
- avcodec/apedec: make left/right unsigned to avoid undefined behavior
- avcodec/apedec: Fix multiple integer overflows and undefined behaviorin filter_3800()
- avformat/mpc: deallocate frames array on errors
- avcodec/eatqi: Check for minimum frame size
- avcodec/eatgv: Check remaining size after the keyframe header
- avcodec/assdec: undefined use of memcpy()
- avcodec/brenderpix: Check input size before allocating image
- lafv/wavdec: Fail bext parsing on incomplete reads
- avcodec/utils: fix leak of subtitle_header on error path
- avcodec/utils: Check close before calling it
- avcodec/vorbisdec: Check vlc for floor0 dec vector offset
- avcodec/vorbisdec: amplitude bits can be more than 25 bits
- avutil/
- avcodec/apedec: Fix various integer overflows
- avcodec/apedec: Fix multiple integer overflows in predictor_
- avcodec/alsdec: fix undefined shift in multiply()
- avcodec/alsdec: Fix 2 integer overflows
- avcodec/flicvideo: Make line_packets int
- avcodec/dvbsubdec: Use ff_set_dimensions()
- avcodec/
- avcodec/
- avcodec/
- avcodec/
- avcodec/
- avformat/utils: Check rfps_duration_sum for overflow
- avcodec/h264_refs: Also check reference in ff_h264_
- avcodec/parser: Check next index validity in ff_combine_frame()
- avcodec/ivi: Ask for samples with odd tiles
- avformat/xmv: Make bitrate 64bit
- avcodec/pngdec: Check that previous_picture has same w/h/format
- avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation)
- avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame()
- avcodec/utils, avcodec_open2: close codec on failure
- avcodec/golomb: Correct the doxy about get_ue_golomb() and errors
- avformat/utils: Check timebase before use in estimate_timings()
- avcodec/hq_hqa: Use ff_set_dimensions()
- avcodec/rv10: Fix integer overflow in aspect ratio compare
- avcodec/4xm: Fix signed integer overflows in idct()
- avcodec/qdm2: Check checksum_size for 0
- avcodec/qdm2: error out of qdm2_fft_
- avcodec/qdm2: Do not read out of array in fix_coding_
- avcodec/svq3: Use ff_set_dimension()
- avcodec/iff: Check ham vs bpp
- avcodec/
- avcodec/
- avcodec/
- avcodec/flicvideo: Fix off by 1 error in flic_decode_
- avcodec/vc1_block: Check for vlc error in vc1_decode_
- avcodec/alac: Check lpc_quant
- avcodec/alsdec: Add FF_CODEC_
- avcodec/alsdec: Fix integer overflow with buffer number
- avcodec/alsdec: Fixes signed integer overflow in LSB addition
- avcodec/alsdec: Check opt_order / sb_length in ra_block handling
- avcodec/alsdec: Fix integer overflow with shifting samples
- avcodec/alsdec: Fix undefined behavior in decode_rice()
- avcodec/alsdec: Fixes invalid shifts in read_var_
- avcodec/hevc_ps: Change num_tile_
- avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
- avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
- avformat/aviobuf: Delay buffer downsizing until asserts are met
- avcodec/fitsdec: Check data_min/max
- avcodec/m101: Fix off be 2 error
- avcodec/qdm2: Move fft_order check up
- avcodec/
- avformat/vqf: Check header_size
- avcodec/utils: Check bits_per_
- avcodec/
- avcodec/alsdec: Fix invalid shift in multiply()
- avcodec/
- avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
- avcodec/tta: Fix undefined shift
- avcodec/qdmc: Fix integer overflows in PRNG
- avcodec/bintext: Check font height
- avcodec/binkdsp: Fix integer overflows in idct
- avcodec/
- avcodec/loco: Limit lossy parameter so it is sane and does not overflow
- avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
- avcodec/xpmdec: Do not use context dimensions as temporary variables
- avcodec/fitsdec: Fix division by 0 in size check
- avcodec/
- avcodec/
- avcodec/iff: finetune the palette size check in the mask case
- avcodec/iff: Fix mask_buf / mask_palbuf leak
- avformat/icodec: Free ico->images on error paths
- avformat/wsddec: Fix undefined shift
- avcodec/fmvc: Check if header fields are available before allocating the image
- avcodec/bink: Reorder operations in init to avoid memleak on error
- avformat/wtvdec: Avoid (32bit signed) sectors
- avcodec/bitstream: Check for more conflicting codes in build_table()
- avcodec/bitstream: Check for integer code truncation in build_table()
- avformat/sbgdec: Fixes integer overflow in str_to_time() with hours
- avformat/vpk: Check offset for validity
- avformat/vpk: Fix integer overflow in samples_per_block computation
- avcodec/mjpegdec: Check for non ls PAL8
- avcodec/
- avcodec/h264_parse: Use 64bit for expectedpoc and expected_
- avcodec/mss4: Check input size against skip bits
- avcodec/diracdec: Fix integer overflow in global_mv()
- avcodec/vmnc: Check available space against chunks before reget_buffer()
- avcodec/
- avcodec/
- avcodec/
- avcodec/
- avformat/mp3enc: Avoid SEEK_END as it is unsupported
- avcodec/
- avformat/
- avformat/
- avcodec/cpia: Check input size also against linesizes and EOL
- swscale/
- libswcale: Fix possible string overflow in test.
- avcodec/hq_hqa: Check available space before reading slice offsets
- lavf/webm_chunk: Respect buffer size
- avcodec/fits: Check bitpix
- avcodec/jvdec: Use ff_get_buffer() when the content is not reused
- avcodec/
- avcodec/jpeg2000: Check stepsize before using it
- avcodec/
- avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
- avformat/mov: Skip stsd adjustment without chunks
- avformat/aadec: Check for scanf() failure
- avcodec/
- avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()
- avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation
- avcodec/
- avcodec/rscc: Check that the to be uncompressed input is large enough
- avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it
- lavf/rawenc: Only accept the appropriate stream type for raw muxers.
- avcodec/h263dec: fix hwaccel decoding
- avutil/mem: Fix invalid use of av_alloc_size
- avformat/aacdec: resync to the next adts frame on invalid data instead of aborting
- avformat/aacdec: factorize the adts frame resync code
CVE References
information type: | Public → Public Security |
tags: | added: bionic upgrade-software-version |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res