Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 17 Sep 2016 12:50:41 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)

On Friday 16 September 2016 21:49:19 cve-assign@...re.org wrote:
> >> mpegvideo_motion: Handle edge emulation even without unrestricted_mv
> >> 
> >> Fix out of bounds read.
> >> 
> >> libavcodec/mpegvideo_motion.c
> 
> Use CVE-2016-7424.

I would like to mention that the upstream git commit is wrong.
This issue is a NULL pointer access and not an out-of-bounds

I already pinged an upstream developer to notify the discrepancy but I guess 
that their git does not allow to edit the message for the commit already 
pushed.

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ