oss-sec mailing list archives
Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c)
From: cve-assign () mitre org
Date: Wed, 17 Aug 2016 23:28:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I documented a crash in libav here: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
AddressSanitizer: heap-buffer-overflow WRITE of size 2
https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
This bug does not affect ffmpeg.
Use CVE-2016-6832. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtSTHAAoJEHb/MwWLVhi2ndEP/3JqSSUZDxnNmDkthAetf8Ft VI/misT4mhNA8YZE7RfjwZSwfXHP+OhGSYaWLjnhIMokfM+m01YCtDL/L72+6cMw bvxRHqgrVxACMQT+Z3Thn2huEDQ3bzLAikid1fi/x+wptuipDwmxhuGit4jATbMM R/y1IgWaOOMjm+nDeQkcG9NNvvPlyYVz4tRk/t5ScmLzZva7W6oFoVqFvvGxSwp6 PLmkjDBqHk0/orHswFwzliaHTnnMeeIv/KJvkVBK+5ZeBR3d7IEFuCM8IMjzSBT8 Fu7ltqNqzGVCX3+3U+IUnVxB1Scjzf06d+zVNpibXwnr5TE4kM6+rSadryVXafRp 9biKl2Hkn+wuDt2iy9a1kkUXR2Fk7M6Bb96eOL0VgUUVM6Da3aK5TodveEiMqi0m wXR+moGTzyfEDAH79TIT7wJbP5+cP7dE1l6R38E5ABdZ6tLuc3DFJJyA8gYwKw6s tr2JkDyuO4CIsa9/gAcSPzvlKr2vVDXJeCgk9UxcquZnnNYbe37ZK593WZUosTL7 ZjRgOC8MAGK8KrmIANdec9SIZx0FZzMNegYC2Wj8iz32/KK5NCeky1SPaZ0q6lOk SWLIXLVksg2Y7vgawgY0XkkWsk8kMY+AZlGtRTM7U2ttFiQ++RbzHo+cuFB90rdZ 6A8bgdTD+jVp1nMI9oX7 =KScB -----END PGP SIGNATURE-----
Current thread:
- libav: heap-based buffer overflow in ff_audio_resample (resample.c) Agostino Sarubbo (Aug 13)
- Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c) cve-assign (Aug 17)