Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 21 Sep 2016 09:49:03 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c
> 
> A fuzzing with an mp3 file as input discovered a null pointer access in
> ff_put_pixels8_xy2_mmx.
> 
> Input #0, h263, from '70.crashes':
> 
> AddressSanitizer: SEGV on unknown address
> 
> ff_put_pixels8_xy2_mmx libav-11.7/libavcodec/x86/rnd_template.c:37:5

Use CVE-2016-7477.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX4o9eAAoJEHb/MwWLVhi2CuIP/jzcaY8iY1lPRtz5CJxLaohL
pHTRPAeU2XQOLZfZiQWFX/eUSMT/n7e+hCeqpOkCSsF11zw7sy+DNBFLcVPKYllx
76H/rEMi/MtBuWqRZlL1Qnd6v7zAA6pGWU7gQ4GkCuc9fhxc6RNHvG+YDcGDo/yq
kNb7IhJo0lpA5085OkpfVc1JPq5JTCXGt6u1bJrj6HcV9xwbzoE4WQcamcDAdlPA
xsUocCtcYwymWcZE4yybw64r4A+v9epsQ+ogJVwHmbdWYZIp7h9j8Po71O44Iu2h
20GZYnHC0XKF+IV0kevBbvzHAC61bSWfRXAnRpwlJFeyf2YBjxjXnBqoG+N8mOUJ
4VYm5JUvOp41sYaTSMlTwnZz9YnZRXKWPmk9EsuN0KGqo6b7sSqPEi/tz528Xx8Z
t1A4eObAW4Rdl0xFpgYyf4Av/njeDpBmXFKSMi12WxH0YdLdoFDNxzuydmc9Uvht
Hsy6sll58btw4TKGhu+6nJXTUUL9fo/0rQy45aWfEvIHqjROJujbKD5WCFfZ1TnO
siayvHWExhP/4STeJH2ieaK8ILvO+9KVyxAnmkq7D7r8pgLVpYLRA/lWxuO0z11c
99Ut3P6fPoZy879rIZYDepmClHnlMxu+vFKZMOKPTyeCe/L14/dTokjhSY4Tn0Le
oCjpCbIiqywaUOZu+8qZ
=FID6
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ