Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 04 Dec 2016 23:35:18 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: libav: multiple crashes from the Undefined Behavior Sanitizer

On Thursday 01 December 2016 14:30:33 Agostino Sarubbo wrote:
> Affected version / Tested on:
> 11.8
> Output/failure:
> /tmp/portage/media-
> video/libav-11.8/work/libav-11.8/libavcodec/get_bits.h:530:5: runtime error:
> load of null pointer of type ‘int16_t’ (aka ‘short’)
> Commit fix:
> N/A
> Fixed version:
> N/A
> Testcase:
> https://github.com/asarubbo/poc/blob/master/00042-libav-loadnullptr-get_bits
> _h

Please ignore the issue above. It was already tracked as CVE-2016-8676.



-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ