Bug 1100348 (CVE-2018-13300) - VUL-1: CVE-2018-13300: ffmpeg: Improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function may trigger an out-of-array read
Summary: VUL-1: CVE-2018-13300: ffmpeg: Improper argument (AVCodecParameters) passed t...
Status: RESOLVED FIXED
Alias: CVE-2018-13300
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/209615/
Whiteboard: CVSSv3:SUSE:CVE-2018-13300:4.4:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-06 06:19 UTC by Johannes Segitz
Modified: 2024-04-22 17:15 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-06 06:19:15 UTC 
CVE-2018-13300

In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the
avpriv_request_sample function in the handle_eac3 function in
libavformat/movenc.c may trigger an out-of-array read while converting a crafted
AVI file to MPEG4, leading to a denial of service and possibly an information
disclosure.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13300
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
Comment 1 Scott Reeves 2018-08-17 22:14:16 UTC 
Hi Yifan, can you have your team take this. Thanks.
Comment 3 Qiang Zheng 2018-08-20 08:36:08 UTC 
The fix is already in multimedia:libs/ffmpeg-4/ffmpeg-4.0.2
Comment 4 Swamp Workflow Management 2018-08-20 10:40:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1100348) was mentioned in
https://build.opensuse.org/request/show/630493 42.3 / ffmpeg-4
https://build.opensuse.org/request/show/630495 15.0 / ffmpeg-4
Comment 5 Andreas Stieger 2018-09-13 08:43:21 UTC 
Quiang... if you submissions get requested can you please make sure that you follow up with them?
Likewise, please use "osc maintained" to catch maintained packages: you left out Package Hub.

Here then is the complete attempt:
https://build.opensuse.org/request/show/635494

Jan is that okay for you?
Comment 6 Jan Engelhardt 2018-09-13 09:28:36 UTC 
Go ahead.
Comment 8 Andreas Stieger 2018-09-14 07:57:10 UTC 
For this particular package:

SLE:

SUSE:SLE-15:Update/ffmpeg

openSUSE devel packages:

multimedia:libs/ffmpeg-3 -> openSUSE:Factory/ffmpeg-3
multimedia:libs/ffmpeg-4 -> openSUSE:Factory/ffmpeg-4

openSUSE Maintenance:

openSUSE:Leap:42.3:Update/ffmpeg-3
openSUSE:Leap:42.3:Update/ffmpeg-4
openSUSE:Leap:15.0:Update/ffmpeg-3
openSUSE:Leap:15.0:Update/ffmpeg-4
openSUSE:Backports:SLE-12-SP2/ffmpeg-4


You can use the sources in multimedia:libs/ffmpeg-3  multimedia:libs/ffmpeg-4 for that.
Comment 9 Qiang Zheng 2018-09-14 07:57:32 UTC 
>osc maintained ffmpeg
SUSE:SLE-10-SP2:Update:Test/ffmpeg
SUSE:SLE-15:Update/ffmpeg

>osc maintained ffmpeg-4
BuildService API error: no packages found by search criteria
# There is no result, Could you please give some advise ?
Comment 12 Swamp Workflow Management 2018-09-15 13:08:39 UTC 
openSUSE-SU-2018:2723-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1092241,1100348,1105869
CVE References: CVE-2018-13300,CVE-2018-15822
Sources used:
openSUSE Leap 42.3 (src):    ffmpeg-4-4.0.2-13.1
openSUSE Leap 15.0 (src):    ffmpeg-4-4.0.2-lp150.13.1
Comment 13 Swamp Workflow Management 2018-09-15 13:14:27 UTC 
openSUSE-SU-2018:2734-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1092241,1100348,1105869
CVE References: CVE-2018-13300,CVE-2018-15822
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ffmpeg-4-4.0.2-13.1
Comment 15 Swamp Workflow Management 2018-09-22 07:31:23 UTC 
openSUSE-SU-2018:2723-2: An update that solves two vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1092241,1100348,1105869
CVE References: CVE-2018-13300,CVE-2018-15822
Sources used:
openSUSE Backports SLE-15 (src):    ffmpeg-4-4.0.2-bp150.3.3.1
Comment 20 Swamp Workflow Management 2018-11-02 20:11:08 UTC 
SUSE-SU-2018:3609-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097983,1100345,1100348,1105869
CVE References: CVE-2018-12458,CVE-2018-13300,CVE-2018-13305,CVE-2018-15822
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ffmpeg-3.4.2-4.12.4
Comment 21 Swamp Workflow Management 2019-03-28 17:14:31 UTC 
openSUSE-SU-2019:1066-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1092241,1100348,1105869
CVE References: CVE-2018-13300,CVE-2018-15822
Sources used:
openSUSE Backports SLE-15 (src):    ffmpeg-4-4.0.2-bp150.21.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 22 Alexandros Toptsoglou 2020-04-29 11:50:40 UTC 
Done
Comment 24 OBSbugzilla Bot 2024-04-22 14:25:37 UTC 
This is an autogenerated message for OBS integration:
This bug (1100348) was mentioned in
https://build.opensuse.org/request/show/1169676 Backports:SLE-15-SP5 / ffmpeg-4
Comment 25 OBSbugzilla Bot 2024-04-22 17:15:38 UTC 
This is an autogenerated message for OBS integration:
This bug (1100348) was mentioned in
https://build.opensuse.org/request/show/1169721 Backports:SLE-15-SP5 / ffmpeg-4