Date: Mon, 26 Sep 2016 11:34:05 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Re: ffmpeg afl bugs Hello, On Mon, 26 Sep 2016 01:45:40 -0400 (EDT) cve-assign@...re.org wrote: > > overread end of atom 'stsd' by 4294967134 bytes > > Use CVE-2016-7554. I don't think this is any vuln. This is a warning message from ffmpeg itself, not from any memory safety tool. Thus I interpret this as "this file is garbled and would overread if we'd do what the file offsets indicate". It probably indicated a bug that Michal originally found with this file, but that happened long ago. The file is from Dec 2014 (looks like this ).  https://ffmpeg.org/pipermail/ffmpeg-cvslog/2014-December/084342.html -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ