Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: ffmpeg
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 04 Dec 2011 11:36:31 -0700

On 12/04/2011 04:06 AM, Marc Deslauriers wrote:
Hello,

This doesn't seem to have a CVE:

An error within the "svq1_decode_frame()" function
(libavcodec/svq1dec.c) can be exploited to corrupt memory.

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2

http://secunia.com/advisories/46888/
http://archives.neohapsis.com/archives/bugtraq/2011-11/0148.html


Thanks,

Marc.


The secunia page lists 3 CVE's and 4 issues with no mappings to CVE's to
issues that I can see. Can you reply with the mapping information that
you used to determine that this issue was not assigned a CVE (as opposed
to one of the other issues)?. Also can you confirm or proove that these
4 issues are all separate and that two of them have not been merged
(thus obviating any need for a third CVE)? Thanks in advance. If anyone
from Secunia is on this list I'd love to hear from you/any comments on
this issue are more then welcome.

-- 

-Kurt Seifried / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault