http://bugzilla.opensuse.org/show_bug.cgi?id=1022922
Bug ID: 1022922
Summary: VUL-0: ffmpeg: remote exploitation results in code
execution [ 3 - ffserver.c ]
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
Ref: http://seclists.org/oss-sec/2017/q1/245
===================================================
This letter is a result of research made by Emil Lerner and Pavel Cheremushkin
and it is supposed to disclose multiple issues we managed to find and exploit
in FFmpeg software. Despite that all vulnerabilities have been successfully
patched by FFmpeg developers, this letter is supposed to clarify all these
issues and show that they are exploitable.
--[ 3 - ffserver.c ]
This issue is completely like the first one and it results in a heap overflow.
This issue was fixed in
https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc...
===================================================
Comment on Ref: http://seclists.org/oss-sec/2017/q1/251
===================================================
In case anyone else is curious, here are the corresponding commits
reachable from the n3.2.2 release tag:
https://github.com/FFmpeg/FFmpeg/commit/c12ee64e80af2517005231388fdf4ea78f16...
===================================================
(open-)SUSE: https://software.opensuse.org/package/ffmpeg
TW: 3.2.22
42.2: 3.2
42.1: 2.8.8