Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Sep 2016 01:45:40 -0400 (EDT)
From: cve-assign@...re.org
To: cookieopfer@....net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: ffmpeg afl bugs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> ffmpeg version N-81723-g6d9a46e Copyright (c) 2000-2016 the FFmpeg developers
> 
> /usr/share/doc/afl/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4
> 
> Input #0, mov,mp4,m4a,3gp,3g2,mj2
> 
> overread end of atom 'stsd' by 4294967134 bytes

Use CVE-2016-7554.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX6LUTAAoJEHb/MwWLVhi2MggP/1SfPxFGyp8gOPQyeKFxcSJl
g3T8gAdp9OMOj3Qru+dH+qwBIYKomr0T+k6w5qv/ihaihqI2tuDV/lytFJ29asee
7yuc4TFnQRFHShXqnAnjzgDHSb86pK5QfwQQAAyIp8U3oCkmuLe22JcionfW1gQy
hDmz/6jz7/k5MzYyTAV3h0jq3y9QQLLnn2IOofUVm915kaa2JiLoRe3U2P+OCaN4
o1rMsYxlqKgxQg4B5+IyXYTlczeqEioaYeW3lvfploX2ji+scfdN+5Q5y802Hc8b
HB5Ia3+L1bUeHVbNUTDvXzaTUPl+L68eVvsj4E0FJXcbwdG+07hQBcDOwXo3OhoR
6707noYWX6v6lNlYObCJRTbrUYbj5YOHDdiHg6spVyehlBQPEnCtZzxXp7GAM+SE
xOsyArQYWO4f8N12dHyVNvc8sywF5mU0LNwELE2eROjmHURf/i9tVzr5CWzQUaGN
JPSLLpfQR+ex6D91+gCn+RcNqVXfxOpccjnUe+t9xQhnDPbdkZ+FhV1gP6WKPfwG
yaMvAoWkZkDE3SlikQaF66giuXPltQX/pMbyRi6SCFD+0VLjbDQU68C0S6nYDhND
G55sKC8WYZfR2aCiJ/d8ZhvtTaYk6HOfNG/l/dJrM1nXMGxnHPuLwXXO4DAIHc8Y
yi+xnI3SJRzi3a00kOI0
=Tla5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ