Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Sep 2016 11:34:05 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: ffmpeg afl bugs

Hello,

On Mon, 26 Sep 2016 01:45:40 -0400 (EDT)
cve-assign@...re.org wrote:

> > overread end of atom 'stsd' by 4294967134 bytes  
> 
> Use CVE-2016-7554.

I don't think this is any vuln.

This is a warning message from ffmpeg itself, not from any memory
safety tool. Thus I interpret this as "this file is garbled and would
overread if we'd do what the file offsets indicate".

It probably indicated a bug that Michal originally found with this
file, but that happened long ago. The file is from Dec 2014 (looks like
this [1]).


[1] https://ffmpeg.org/pipermail/ffmpeg-cvslog/2014-December/084342.html
-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ