oss-security - Re: libav: divide-by-zero in sbr_make_f

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Wed, 21 Sep 2016 12:31:26 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
> 
> A fuzzing with an mp3 file as input discovered a divide-by-zero in 
> sbr_make_f_master.
> 
> AddressSanitizer: FPE on unknown address
> 
> sbr_make_f_master libav-11.7/libavcodec/aacsbr.c:338:57

Use CVE-2016-7499.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX4rUMAAoJEHb/MwWLVhi2TS4QALQBNhZyy3tqN5IIDyejpudo
xKtiPEOe7lHzgMTm9I25aAJcUHZGGdHcoY3rgdQtLZTdME8OejjOrHg0znNmmkDZ
fjwbFxuVo9bwJ8Wa7X4YkHvX55hDmvtlwCyJjl31NmykEjx0hVpaiLGln6zLscX8
YRBbJwkYsm0EWgNC1FIU3DfhGv7DG6GLGUjhFdqumik/gyhaHGd4FtYLm5AMFI9X
bMyr9joOSUm5RobISMRfmNkye9UTtKFqNUxrLUMHGq4evUys9bsW1oY1Brfv0JxD
M2LQoB7nWNE8hM5lQUVfVHxp1ztSoDqOmtD9BjN2eI4f2xhJgPfPHc9SrgCjvrty
p/zAmLiLCI3bjNOMxkBruX5V/QFFUsJfN9UTRrU6sBsk2ysCsUDN+pXUfacOMuhj
XBwMp3pRpoCI+JDu6eNaCBT3qAhJTSL53euHavNQvyCRdFI7MJ9JbQFZ0UQFfOUO
OlBtAsQO6iACBo+BqlzO0rpDEYhfrgW5jqo+teGSO3YHuEAUUwRzxGuLSoVBpHgn
fw450fVgijaxG2RzUXB7X9PqNqyIouWrK3GlOUXgwPiVLwBuhnoHfzllqAPSOtqI
vn7WZjnZkslWfjKCqzvb4YzSWWbzOxppmMha59K3/KRUU5E5kc2lZe9izeM4/WVN
GkH5FjtTGwj8lJCz2jDd
=BEMY
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.