1100345 – (CVE-2018-13305) VUL-0: CVE-2018-13305: ffmpeg: In FFmpeg 4.0.1, due to a missing check for negative values of the mqauntvariable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c maytrigger an out-of-array access while converting a crafted A

Bug 1100345 (CVE-2018-13305) - VUL-0: CVE-2018-13305: ffmpeg: In FFmpeg 4.0.1, due to a missing check for negative values of the mqauntvariable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c maytrigger an out-of-array access while converting a crafted A

Summary: VUL-0: CVE-2018-13305: ffmpeg: In FFmpeg 4.0.1, due to a missing check for ne...

Status:	RESOLVED FIXED

Alias:	CVE-2018-13305

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/209620/
Whiteboard:	CVSSv3:SUSE:CVE-2018-13305:5.3:(AV:L/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-07-06 06:06 UTC by Marcus Meissner
Modified:	2024-04-22 17:15 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-07-06 06:06:47 UTC

CVE-2018-13305

In FFmpeg 4.0.1, due to a missing check for negative values of the mqaunt
variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may
trigger an out-of-array access while converting a crafted AVI file to MPEG4,
leading to an information disclosure or a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13305
https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4

Comment 1 Marcus Meissner 2018-07-06 06:11:39 UTC

function is not in ffmpeg 3 in sle15, but the fixed piece of code is

Comment 3 Qiang Zheng 2018-09-05 06:54:14 UTC

According to the upstream, this issue was introduced by 144ce36 which is not part of any release. Multimedia:libs/ffmpeg-4/ffmpeg-4.0.2 doesn't have this issue.

Comment 4 Johannes Segitz 2018-10-11 07:58:33 UTC

I see the vulnerable code in our package, please check again. Thanks

Comment 10 Johannes Segitz 2018-10-25 08:34:37 UTC

I see the fix was already submitted, please needinfo me again if there's something unclear

Comment 11 Swamp Workflow Management 2018-11-02 20:11:00 UTC

SUSE-SU-2018:3609-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097983,1100345,1100348,1105869
CVE References: CVE-2018-12458,CVE-2018-13300,CVE-2018-13305,CVE-2018-15822
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ffmpeg-3.4.2-4.12.4
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ffmpeg-3.4.2-4.12.4

Comment 12 Swamp Workflow Management 2019-12-12 16:20:06 UTC

This is an autogenerated message for OBS integration:
This bug (1100345) was mentioned in
https://build.opensuse.org/request/show/756103 15.1+Backports:SLE-12-SP2+Backports:SLE-15+Backports:SLE-15-SP1 / ffmpeg-4

Comment 13 Swamp Workflow Management 2019-12-14 07:30:07 UTC

This is an autogenerated message for OBS integration:
This bug (1100345) was mentioned in
https://build.opensuse.org/request/show/756985 15.1+Backports:SLE-12-SP2+Backports:SLE-15+Backports:SLE-15-SP1 / ffmpeg-4

Comment 14 Swamp Workflow Management 2020-01-13 23:13:08 UTC

openSUSE-SU-2020:0024-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1100345,1133123,1133153,1133155,1149839
CVE References: CVE-2017-17555,CVE-2018-13305,CVE-2019-11338,CVE-2019-11339,CVE-2019-15942
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ffmpeg-4-4.0.5-17.1

Comment 15 Swamp Workflow Management 2020-01-13 23:17:46 UTC

openSUSE-SU-2020:0024-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1100345,1133123,1133153,1133155,1149839
CVE References: CVE-2017-17555,CVE-2018-13305,CVE-2019-11338,CVE-2019-11339,CVE-2019-15942
Sources used:
openSUSE Leap 15.1 (src):    ffmpeg-4-4.2.1-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    ffmpeg-4-4.2.1-bp151.5.3.1
openSUSE Backports SLE-15 (src):    ffmpeg-4-4.2.1-bp150.24.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ffmpeg-4-4.0.5-17.1

Comment 16 Alexandros Toptsoglou 2020-04-29 11:49:34 UTC

Done

Comment 18 OBSbugzilla Bot 2024-04-22 14:25:36 UTC

This is an autogenerated message for OBS integration:
This bug (1100345) was mentioned in
https://build.opensuse.org/request/show/1169676 Backports:SLE-15-SP5 / ffmpeg-4

Comment 19 OBSbugzilla Bot 2024-04-22 17:15:35 UTC

This is an autogenerated message for OBS integration:
This bug (1100345) was mentioned in
https://build.opensuse.org/request/show/1169721 Backports:SLE-15-SP5 / ffmpeg-4