Re: CVE Request: FFmpeg 2.0.1 multiple problems

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/20/2013 06:25 PM, Michael Niedermayer wrote:
> Hi
>
> Id like to request CVE(s) for FFmpeg 2.0.1, for the changes below:
>
>
> https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
Out of array (on heap) write
> Found-by: wm4

Please use CVE-2013-4263 for this issue.

> https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
https://trac.ffmpeg.org/ticket/2842
> testcase and valgrind output on bugtracker above Out of array (on
> heap) write Found-by: Piotr Bandurski <ami_stuff () o2 pl>

Please use CVE-2013-4264 for this issue.

> https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
Found-by: Laurent Butti <laurentb () gmail com>
> Wrong return code that could lead to NULL+offset to be written to
> after memory allocation failure

Please use CVE-2013-4265 for this issue.

> Thanks


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSFRtZAAoJEBYNRVNeJnmTJCcQAIUHn6MA6rAD9Bbg/+GPx3GP
VL547+wrqu2qo+9nObJNn6ax7x0MUufcVK0W1aXnNqqhPsFaivo208lvxRAFho66
F+lusaSJP7HoUz6EG8AxSdcyf0ScoXJGHXnZ89FP33SgLh6bOX6UjsnTF87KLMtY
7NZpMyDpKtDp80toyVWVAyLEsJEJYM9KkWhuD9SzleaEW2I7zRzZO2QDv9DqazVL
jrVrAU/4JbR8mwOUj66cM7Gddae0Y+52YclszkbiO+5KV4Um3CJAB3cSxMUzxhh5
bMT/gPpCh0e2380pRM6pCz7p0fgrb6mQd01FYN5C0aJTJA2XIpdsZsn4nFp8xl22
xRhueV3lSOgq+HYiMJW202mLNF7eeurMh+sOJ53Spz+7vxjQpv2BOZ9fgdYzqiua
yGqzm25zcjY0yVOHxHZH0ktkRfkp/2KGJWcWvo0ly9Kql7D3LcYv8iOABy5rymJt
sIJJZXKvfD6ZbgWQ/iAj9dOOAmHCZFsrzJNqP/35m39Rst0N45x6/6aujSOJrXzG
WTxR8jDqITvCOc6NOU+qNKW6ZanVXAGjoqae0q1j41fHq4dnUKhg19aEOdNaD6Vg
xE8kFAqcmg0zmmx+DeA4El9Y9IuWw2feIv27J4KnwGVpL1IhDvwKn8qPjKtutkEk
4R/BgFMU27Ds2b4MyauY
=wW2e
-----END PGP SIGNATURE-----