oss-sec mailing list archives
Re: CVE request: opus codec before 1.0.2
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 11 Dec 2012 11:02:15 -0700
On 12/11/2012 05:32 AM, Hanno Böck wrote:
http://lists.xiph.org/pipermail/opus/2012-December/001846.html sounds like a low-severity security issue: "Opus 1.0.2 fixes an out-of-bounds read that could be triggered by a malicious Opus packet by causing an integer wrap-around in the padding code. Considering that the packet would have to be at least 16 MB in size and that no out-of-bounds write is possible, the severity is very low." Fixed in opus 1.0.2.
What's the security impact? Does the service crash?
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993