[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 17 Aug 2016 23:28:51 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> I documented a crash in libav here:
> https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 2
> https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
> This bug does not affect ffmpeg.
Use CVE-2016-6832.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXtSTHAAoJEHb/MwWLVhi2ndEP/3JqSSUZDxnNmDkthAetf8Ft
VI/misT4mhNA8YZE7RfjwZSwfXHP+OhGSYaWLjnhIMokfM+m01YCtDL/L72+6cMw
bvxRHqgrVxACMQT+Z3Thn2huEDQ3bzLAikid1fi/x+wptuipDwmxhuGit4jATbMM
R/y1IgWaOOMjm+nDeQkcG9NNvvPlyYVz4tRk/t5ScmLzZva7W6oFoVqFvvGxSwp6
PLmkjDBqHk0/orHswFwzliaHTnnMeeIv/KJvkVBK+5ZeBR3d7IEFuCM8IMjzSBT8
Fu7ltqNqzGVCX3+3U+IUnVxB1Scjzf06d+zVNpibXwnr5TE4kM6+rSadryVXafRp
9biKl2Hkn+wuDt2iy9a1kkUXR2Fk7M6Bb96eOL0VgUUVM6Da3aK5TodveEiMqi0m
wXR+moGTzyfEDAH79TIT7wJbP5+cP7dE1l6R38E5ABdZ6tLuc3DFJJyA8gYwKw6s
tr2JkDyuO4CIsa9/gAcSPzvlKr2vVDXJeCgk9UxcquZnnNYbe37ZK593WZUosTL7
ZjRgOC8MAGK8KrmIANdec9SIZx0FZzMNegYC2Wj8iz32/KK5NCeky1SPaZ0q6lOk
SWLIXLVksg2Y7vgawgY0XkkWsk8kMY+AZlGtRTM7U2ttFiQ++RbzHo+cuFB90rdZ
6A8bgdTD+jVp1nMI9oX7
=KScB
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
