oss-sec mailing list archives
Re: CVE Request: FFmpeg 2.0.1 multiple problems
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Aug 2013 13:56:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/20/2013 06:25 PM, Michael Niedermayer wrote:
Hi Id like to request CVE(s) for FFmpeg 2.0.1, for the changes below: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
Out of array (on heap) write
Found-by: wm4
Please use CVE-2013-4263 for this issue.
https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
https://trac.ffmpeg.org/ticket/2842
testcase and valgrind output on bugtracker above Out of array (on heap) write Found-by: Piotr Bandurski <ami_stuff () o2 pl>
Please use CVE-2013-4264 for this issue.
https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
Found-by: Laurent Butti <laurentb () gmail com>
Wrong return code that could lead to NULL+offset to be written to after memory allocation failure
Please use CVE-2013-4265 for this issue.
Thanks
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSFRtZAAoJEBYNRVNeJnmTJCcQAIUHn6MA6rAD9Bbg/+GPx3GP VL547+wrqu2qo+9nObJNn6ax7x0MUufcVK0W1aXnNqqhPsFaivo208lvxRAFho66 F+lusaSJP7HoUz6EG8AxSdcyf0ScoXJGHXnZ89FP33SgLh6bOX6UjsnTF87KLMtY 7NZpMyDpKtDp80toyVWVAyLEsJEJYM9KkWhuD9SzleaEW2I7zRzZO2QDv9DqazVL jrVrAU/4JbR8mwOUj66cM7Gddae0Y+52YclszkbiO+5KV4Um3CJAB3cSxMUzxhh5 bMT/gPpCh0e2380pRM6pCz7p0fgrb6mQd01FYN5C0aJTJA2XIpdsZsn4nFp8xl22 xRhueV3lSOgq+HYiMJW202mLNF7eeurMh+sOJ53Spz+7vxjQpv2BOZ9fgdYzqiua yGqzm25zcjY0yVOHxHZH0ktkRfkp/2KGJWcWvo0ly9Kql7D3LcYv8iOABy5rymJt sIJJZXKvfD6ZbgWQ/iAj9dOOAmHCZFsrzJNqP/35m39Rst0N45x6/6aujSOJrXzG WTxR8jDqITvCOc6NOU+qNKW6ZanVXAGjoqae0q1j41fHq4dnUKhg19aEOdNaD6Vg xE8kFAqcmg0zmmx+DeA4El9Y9IuWw2feIv27J4KnwGVpL1IhDvwKn8qPjKtutkEk 4R/BgFMU27Ds2b4MyauY =wW2e -----END PGP SIGNATURE-----
Current thread:
- CVE Request: FFmpeg 2.0.1 multiple problems Michael Niedermayer (Aug 20)
- Re: CVE Request: FFmpeg 2.0.1 multiple problems Kurt Seifried (Aug 21)