Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1143561] VUL-0: CVE-2019-14442: libav: an input file can result in infinite loop and hang, with 100% CPU consumption leading to DOS
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 14:23:39 +0000
  • Message-id: <bug-1143561-21960-IFho9WA47O@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143561
http://bugzilla.opensuse.org/show_bug.cgi?id=1143561#c1

--- Comment #1 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that libav has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools
package.

Also, this error seems to be fixed by this commit from 4 years ago in ffmpeg:
https://github.com/FFmpeg/FFmpeg/commit/56cc024220886927350cfc26ee695062ca7ecaf4

Finally, I tested that indeed, I can't reproduce the problem with the poc file
and our version of avconv that uses the ffmpeg libraries (in Leap 15.0 and TW):

avconv -i poc1 -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
[mpc8 @ 0x55f0ab538680] Stream header not found
poc1: Invalid data found when processing input

So I think this can be safely marked as resolved/invalid.
