Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 03 May 2012 12:53:23 -0500
From: Jamie Strandboge <>
To: oss-security <>
Cc: Michael Niedermayer <>, 
	Måns Rullgård
Subject: Security issue in libav/ffmpeg

A heap corruption security bug[1] was reported by Fabian Yamaguchi
against libav in Ubuntu. This issue also affected ffmpeg.

This issue is now public and has been assigned CVE-2012-0947.

Attached is a patch from upstream libav to fix the issue (thanks to Måns
Rullgård). While the issue also affected ffmpeg, upstream ffmpeg fixed
this some time ago in 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d.


Jamie Strandboge             |

View attachment "0001-vqavideo-return-error-if-image-size-is-not-a-multipl.patch" of type "text/x-patch" (1226 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.