Date: Wed, 21 Aug 2013 02:25:48 +0200 From: Michael Niedermayer <michaelni@....at> To: Open Source Security <oss-security@...ts.openwall.com> Cc: ffmpeg-security@...peg.org Subject: CVE Request: FFmpeg 2.0.1 multiple problems Hi Id like to request CVE(s) for FFmpeg 2.0.1, for the changes below: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc Out of array (on heap) write Found-by: wm4 https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1 https://trac.ffmpeg.org/ticket/2842 testcase and valgrind output on bugtracker above Out of array (on heap) write Found-by: Piotr Bandurski <ami_stuff@...pl> https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55 Found-by: Laurent Butti <laurentb@...il.com> Wrong return code that could lead to NULL+offset to be written to after memory allocation failure Thanks -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB There will always be a question for which you do not know the correct answer. Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.