Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Sep 2016 21:49:19 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
> 
> A fuzzing, with an mp3 file as input, discovered a null pointer access in
> put_no_rnd_pixels8_xy2_mmx.
> 
> Input #0, h263, from '9.crashes'
> 
> AddressSanitizer: SEGV on unknown address
> 
> put_no_rnd_pixels8_xy2_mmx libav-11.7/libavcodec/x86/rnd_template.c:37:5
> 
> https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee

>> mpegvideo_motion: Handle edge emulation even without unrestricted_mv
>> 
>> Fix out of bounds read.
>> 
>> libavcodec/mpegvideo_motion.c

Use CVE-2016-7424.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX3KC3AAoJEHb/MwWLVhi22mgQAIBJvVTNLEjK2nah32PovlaX
Ttm/nelFwY1rclJ0omateDF2UVID2ha/pI7V14mLiEcf1YfrLa+fh4AsCHOPFcSw
sMxzP79oyiSi5H5zwj4O1RAYD5zi3t4sWyM18cig+Sd10iMhTI6JShcBOtrbL344
o1d/x4DLUoBQIUDx+LVOwIXq5QreSM48mrJANIKhIBu1tzEu41yceD+lr2l05etH
63GgxmF5WOP3vPB7pEr4b21HdfonAKjOjZpevVUhHfzzjP5ccYHDd5bMbwUXwEi8
WO1UhmZPekY3zWTOSSLAaZL8DjtqJg2FIacpHrZk+czjbet4ybOualFfGOyE2Vvh
AMCo5XIR63z73A4e9QbkN/UvxjGnjbY8/lz9poWGvzVfEj2FCaItgXWW1QOgqc/V
Xasq9ZRsrZ25RILLRVA65w4RTEssHN+A6meyvU6Vub/R+M5jbZLqOq1JHvE9C8PO
yjJv1Gdc6evvHM+54QURCjnDIU7XNczvy2ALpfYRC+5S3ILSKuvQ0pbvebXIHofU
XVvAToc04+Bn5wJXQ68H8ZERrKgwS0Od9RFcWNs3tYSXU+P7/A806OiBbxdw8riX
jrxDBGftqSlptgA2tcuyA0pcQFF6yTMLverW9CQdzE1Lsv6+WDh3Nv5iztJQIHrC
3CA42JEkSvBTLCKzrG8z
=OD1P
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ