Bug#342207: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Hi, On Tue, Dec 06, 2005 at 10:41:08AM +0100, Moritz Muehlenhoff wrote: > Package: ffmpeg > Version: 0.cvs20050918-5 > Severity: grave > Tags: security > Justification: user security hole > > An exploitable heap overflow has been found in libavcodec's handling > of images with PIX_FMT_PAL8 pixel formats. Please see > http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 > for more information and a demo image. > > Upstream's fix can be found at > http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html I have an NMU ready to fix this. Please tell me soon if you'd like me not to upload it. It might be a better idea to make a new cvs snapshot, feel free to tell me if I can help. Cheers, Samuel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#342207: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Package: ffmpeg Version: 0.cvs20050918-5 Severity: grave Tags: security Justification: user security hole An exploitable heap overflow has been found in libavcodec's handling of images with PIX_FMT_PAL8 pixel formats. Please see http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 for more information and a demo image. Upstream's fix can be found at http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages ffmpeg depends on: ii libc6 2.3.5-8.1GNU C Library: Shared libraries an ii libdc1394-131.1.0-2 high level programming interface f ii libfreetype62.1.10-1 FreeType 2 font engine, shared lib ii libgsm1 1.0.10-13Shared libraries for GSM speech co ii libimlib2 1.2.1-2 powerful image loading and renderi ii libogg0 1.1.2-1 Ogg Bitstream Library ii libraw1394-50.10.1-1.1 library for direct access to IEEE ii libsdl1.2debian 1.2.9-0.0Simple DirectMedia Layer ii libtheora0 0.0.0.alpha4-1.1 The Theora Video Compression Codec ii libvorbis0a 1.1.0-1 The Vorbis General Audio Compressi ii libvorbisenc2 1.1.0-1 The Vorbis General Audio Compressi ii libx11-66.8.2.dfsg.1-11 X Window System protocol client li ii xlibs 6.8.2.dfsg.1-11 X Window System client libraries m ii zlib1g 1:1.2.3-8compression library - runtime ffmpeg recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
