Date: Wed, 17 Aug 2016 23:28:51 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I documented a crash in libav here:
> https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/

> AddressSanitizer: heap-buffer-overflow
> WRITE of size 2

> https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce

> This bug does not affect ffmpeg.

Use CVE-2016-6832.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
