Date: Mon, 6 Nov 2017 21:18:51 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: 连一汉 <lianyihan@....cn> Subject: Re: [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder Hi On Fri, Oct 20, 2017 at 02:52:21PM +0200, Ludovic Courtès wrote: > Hi, > > 连一汉 <lianyihan@....cn> skribis: > > > FFmpeg trigger double-free when it parsing an craft AVI file to MKV file using ffvhuff decoder. > > [...] > > > This was fixed with the following commit: > > https://www.ffmpeg.org/download.html#releases > > Looks like this is not the URL you intended to share, is it? The fix for this issue appears to be: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.