Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

Alessandro Ghedini ghedo at debian.org
Fri May 15 13:22:28 UTC 2015


On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote:
> Version: 6:11.3-1
> 
> On 2015-05-14 20:41:15, Arne Wichmann wrote:
> > Package: libavcodec56
> > Version: 6:11.3-2
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Hi, as far as I can see this has not yet been reported or fixed:
> > 
> > CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in
> > FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow
> > remote attackers to cause a denial of service (use-after-free) or possibly
> > have unspecified other impact via crafted Vorbis I data [1]
> > 
> > I marked this as grave as the impact is unclear and might include arbitrary
> > code execution. Feel free to downgrade if this can be ruled out.
> > 
> > (Actually I would like to have a look at the test case to check a bit more
> > thoroughly, but AFAICS I would need to talk to Google for this.)
> > 
> > [1] https://security-tracker.debian.org/tracker/CVE-2014-7937
> >   https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html
> 
> A similar commit to the one maintained in this mailing list post was applied to
> 11.3. So closing with that version.

Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at
all, and the commit message doesn't even mention the bug fix. How can you be so
sure that the bug is fixed?

Cheers

[0] https://github.com/libav/libav/commit/0025f7408a0fab2cab4a950064e4784a67463994