Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 03 May 2012 12:53:23 -0500
From: Jamie Strandboge <>
To: oss-security <>
Cc: Michael Niedermayer <>, 
	Måns Rullgård
Subject: Security issue in libav/ffmpeg

A heap corruption security bug[1] was reported by Fabian Yamaguchi
against libav in Ubuntu. This issue also affected ffmpeg.

This issue is now public and has been assigned CVE-2012-0947.

Attached is a patch from upstream libav to fix the issue (thanks to Måns
Rullgård). While the issue also affected ffmpeg, upstream ffmpeg fixed
this some time ago in 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d.


Jamie Strandboge             |

View attachment "0001-vqavideo-return-error-if-image-size-is-not-a-multipl.patch" of type "text/x-patch" (1226 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ