Message-ID: <20130821002548.GC3732@nb4>
Date: Wed, 21 Aug 2013 02:25:48 +0200
From: Michael Niedermayer <michaelni@....at>
To: Open Source Security <oss-security@...ts.openwall.com>
Cc: ffmpeg-security@...peg.org
Subject: CVE Request: FFmpeg 2.0.1 multiple problems

Hi

I'd like to request CVE(s) for FFmpeg 2.0.1, for the changes below:


https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
Out of array (on heap) write
Found-by: wm4


https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
https://trac.ffmpeg.org/ticket/2842
testcase and valgrind output on bugtracker above
Out of array (on heap) write
Found-by: Piotr Bandurski <ami_stuff@...pl>


https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
Found-by: Laurent Butti <laurentb@...il.com>
Wrong return code that could lead to NULL+offset to be written to after memory
allocation failure

Thanks
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.
