oss-sec: CVE request: opus codec before 1.0.2

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

oss-sec mailing list archives

CVE request: opus codec before 1.0.2

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 11 Dec 2012 13:32:25 +0100

http://lists.xiph.org/pipermail/opus/2012-December/001846.html

sounds like a low-severity security issue:

"Opus 1.0.2 fixes an out-of-bounds read that could be triggered by a
malicious Opus packet by causing an integer wrap-around in the padding
code. Considering that the packet would have to be at least 16 MB in
size and that no out-of-bounds write is possible, the severity is very
low."

Fixed in opus 1.0.2.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

By Date By Thread

Current thread:

CVE request: opus codec before 1.0.2 Hanno Böck (Dec 11)
- Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 11)
  - Re: CVE request: opus codec before 1.0.2 Hanno Böck (Dec 13)
    - Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 13)