[SECURITY] [DSA 3957-1] ffmpeg security update

2017-08-2820:49:57

lists.debian.org

EPSS

0.039

Percentile

92.0%

JSON

Debian Security Advisory DSA-3957-1 [email protected]
https://www.debian.org/security/ Luciano Bello
August 28, 2017 https://www.debian.org/security/faq

Package : ffmpeg
CVE ID : CVE-2017-9608 CVE-2017-9993 CVE-2017-11399 CVE-2017-11665
CVE-2017-11719

Several vulnerabilities have been discovered in FFmpeg, a multimedia
player, server and encoder. These issues could lead to Denial-of-Service
and, in some situation, the execution of arbitrary code.

CVE-2017-9608

Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when
parsing a crafted MOV file.

CVE-2017-9993

Thierry Foucu discovered that it was possible to leak information from
files and symlinks ending in common multimedia extensions, using the
HTTP Live Streaming.

CVE-2017-11399

Liu Bingchang of IIE discovered an integer overflow in the APE decoder
that can be triggered by a crafted APE file.

CVE-2017-11665

JunDong Xie of Ant-financial Light-Year Security Lab discovered that
an attacker able to craft a RTMP stream can crash FFmpeg.

CVE-2017-11719

Liu Bingchang of IIE discovered an out-of-bound access that can be
triggered by a crafted DNxHD file.

For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.7-1~deb9u1.

We recommend that you upgrade your ffmpeg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armellibavfilter5< 11.12-1~deb8u4libavfilter5_11.12-1~deb8u4_armel.deb
Debian9i386libavcodec-extra57-dbgsym< 3.2.7-1~deb9u1libavcodec-extra57-dbgsym_3.2.7-1~deb9u1_i386.deb
Debian9arm64libswscale4-dbgsym< 3.2.7-1~deb9u1libswscale4-dbgsym_3.2.7-1~deb9u1_arm64.deb
Debian8armhflibavresample-dev< 11.12-1~deb8u4libavresample-dev_11.12-1~deb8u4_armhf.deb
Debian9mips64ellibavfilter-extra6-dbgsym< 3.2.7-1~deb9u1libavfilter-extra6-dbgsym_3.2.7-1~deb9u1_mips64el.deb
Debian9ppc64ellibswscale-dev< 3.2.7-1~deb9u1libswscale-dev_3.2.7-1~deb9u1_ppc64el.deb
Debian8amd64libavdevice55< 11.12-1~deb8u4libavdevice55_11.12-1~deb8u4_amd64.deb
Debian9i386ffmpeg-dbgsym< 3.2.7-1~deb9u1ffmpeg-dbgsym_3.2.7-1~deb9u1_i386.deb
Debian9amd64libavutil55< 3.2.7-1~deb9u1libavutil55_3.2.7-1~deb9u1_amd64.deb
Debian8armhflibav-tools< 11.12-1~deb8u4libav-tools_11.12-1~deb8u4_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	libavfilter5	< 11.12-1~deb8u4	libavfilter5_11.12-1~deb8u4_armel.deb
Debian	9	i386	libavcodec-extra57-dbgsym	< 3.2.7-1~deb9u1	libavcodec-extra57-dbgsym_3.2.7-1~deb9u1_i386.deb
Debian	9	arm64	libswscale4-dbgsym	< 3.2.7-1~deb9u1	libswscale4-dbgsym_3.2.7-1~deb9u1_arm64.deb
Debian	8	armhf	libavresample-dev	< 11.12-1~deb8u4	libavresample-dev_11.12-1~deb8u4_armhf.deb
Debian	9	mips64el	libavfilter-extra6-dbgsym	< 3.2.7-1~deb9u1	libavfilter-extra6-dbgsym_3.2.7-1~deb9u1_mips64el.deb
Debian	9	ppc64el	libswscale-dev	< 3.2.7-1~deb9u1	libswscale-dev_3.2.7-1~deb9u1_ppc64el.deb
Debian	8	amd64	libavdevice55	< 11.12-1~deb8u4	libavdevice55_11.12-1~deb8u4_amd64.deb
Debian	9	i386	ffmpeg-dbgsym	< 3.2.7-1~deb9u1	ffmpeg-dbgsym_3.2.7-1~deb9u1_i386.deb
Debian	9	amd64	libavutil55	< 3.2.7-1~deb9u1	libavutil55_3.2.7-1~deb9u1_amd64.deb
Debian	8	armhf	libav-tools	< 11.12-1~deb8u4	libav-tools_11.12-1~deb8u4_armhf.deb