Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 26 Sep 2016 01:45:40 -0400 (EDT)
From: cve-assign@...re.org
To: cookieopfer@....net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: ffmpeg afl bugs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> ffmpeg version N-81723-g6d9a46e Copyright (c) 2000-2016 the FFmpeg developers
> 
> /usr/share/doc/afl/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4
> 
> Input #0, mov,mp4,m4a,3gp,3g2,mj2
> 
> overread end of atom 'stsd' by 4294967134 bytes

Use CVE-2016-7554.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX6LUTAAoJEHb/MwWLVhi2MggP/1SfPxFGyp8gOPQyeKFxcSJl
g3T8gAdp9OMOj3Qru+dH+qwBIYKomr0T+k6w5qv/ihaihqI2tuDV/lytFJ29asee
7yuc4TFnQRFHShXqnAnjzgDHSb86pK5QfwQQAAyIp8U3oCkmuLe22JcionfW1gQy
hDmz/6jz7/k5MzYyTAV3h0jq3y9QQLLnn2IOofUVm915kaa2JiLoRe3U2P+OCaN4
o1rMsYxlqKgxQg4B5+IyXYTlczeqEioaYeW3lvfploX2ji+scfdN+5Q5y802Hc8b
HB5Ia3+L1bUeHVbNUTDvXzaTUPl+L68eVvsj4E0FJXcbwdG+07hQBcDOwXo3OhoR
6707noYWX6v6lNlYObCJRTbrUYbj5YOHDdiHg6spVyehlBQPEnCtZzxXp7GAM+SE
xOsyArQYWO4f8N12dHyVNvc8sywF5mU0LNwELE2eROjmHURf/i9tVzr5CWzQUaGN
JPSLLpfQR+ex6D91+gCn+RcNqVXfxOpccjnUe+t9xQhnDPbdkZ+FhV1gP6WKPfwG
yaMvAoWkZkDE3SlikQaF66giuXPltQX/pMbyRi6SCFD+0VLjbDQU68C0S6nYDhND
G55sKC8WYZfR2aCiJ/d8ZhvtTaYk6HOfNG/l/dJrM1nXMGxnHPuLwXXO4DAIHc8Y
yi+xnI3SJRzi3a00kOI0
=Tla5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.