oss-sec mailing list archives
Re: libav: out-of-bounds stack read
From: cve-assign () mitre org
Date: Sat, 10 Sep 2016 16:26:26 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
libav: stack-based buffer overflow in aac_sync (aac_parser.c)
The ASan report may be confused because it mentions get_bits, but the issue is in aac_sync.
AddressSanitizer: stack-buffer-overflow READ of size 4
https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
aac_parser: add required padding for GetBitContext buffer
libavcodec/aac_parser.c
Use CVE-2016-7393 for this buffer over-read issue. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX1GwHAAoJEHb/MwWLVhi2uWkQAJkvHeVw5VLDmUS2J/yTGh5g +GZPqtoYlIY9rkV164NnkAI7Sd+Zu187c4LRwCsPz9QfrV/Uaar48VszuuQMuUgB omLJG623GRRx/bt2DzIbTmFhI3NEjwATgi29CAd3LmvcMliJUlNib2d40ueQ910c 7Fj3foeYOmodKgOhT0BMR5Gqx82EmItTKxjPyPaBcrkA23fnabcv1JmDlqhpNldz IQByGqnnuFD4mTg5rLnEUE4lErGKBenrj8VjVjL63u+Wf+aBLXo3HMemY+c5zF4P rU9AGOIfMPjbiWXAkFZEACO7fY/BQV6qZEeJoRJB2Q1FCMC24amt9ATsopgEk6ik 2+G1KY1BB0RBJnRsuvnhx87XB4aQ2Er/qEonCLFX4fJCqN4voFLHOiNYPa4CxPEY jXI75or7n3zUldlXeXdMnuK5dkz9Pxbz4iyIEzQJIlucSOXsRDaVwf/nABKVm07W AsAxcOLYJNqh9djM0gxqO4jGaD6keasr55iU4rRd5tb7APhAlt//Ju+1Um6iPQ0U CntH7QgVQgGDOQ6HI0R6llDZZzgQ6gw6wP7W/aZt8Xcc/6V+YK7E/46xFjTgwPtC 7cn/Qp4MHupIyRMZsLcb8Y+ohx4sdmVvBT4N73U/RCcDuBKjE8E1HUS85Eal0C+w Xu6+BEm9Zwypmubgek8H =JK5t -----END PGP SIGNATURE-----
Current thread:
- libav: out-of-bounds stack read Agostino Sarubbo (Sep 10)
- Re: libav: out-of-bounds stack read cve-assign (Sep 10)