oss-sec mailing list archives
Re: CVE Request: ffmpeg
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 04 Dec 2011 11:36:31 -0700
On 12/04/2011 04:06 AM, Marc Deslauriers wrote:
Hello, This doesn't seem to have a CVE: An error within the "svq1_decode_frame()" function (libavcodec/svq1dec.c) can be exploited to corrupt memory. http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2 http://secunia.com/advisories/46888/ http://archives.neohapsis.com/archives/bugtraq/2011-11/0148.html Thanks, Marc.
The secunia page lists 3 CVE's and 4 issues with no mappings to CVE's to issues that I can see. Can you reply with the mapping information that you used to determine that this issue was not assigned a CVE (as opposed to one of the other issues)?. Also can you confirm or proove that these 4 issues are all separate and that two of them have not been merged (thus obviating any need for a third CVE)? Thanks in advance. If anyone from Secunia is on this list I'd love to hear from you/any comments on this issue are more then welcome. -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE Request: ffmpeg Marc Deslauriers (Dec 04)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 06)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)