Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143561] VUL-0: CVE-2019-14442: libav: an input file can result in infinite loop and hang, with 100% CPU consumption leading to DOS
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 14:23:39 +0000
  • Message-id: <>

--- Comment #1 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that libav has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil

And then the ffmpeg libraries are used to generate only the libav-tools

Also, this error seems to be fixed by this commit from 4 years ago in ffmpeg:

Finally, I tested that indeed, I can't reproduce the problem with the poc file
and our version of avconv that uses the ffmpeg libraries (in Leap 15.0 and TW)

avconf -i poc1 -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
[mpc8 @ 0x55f0ab538680] Stream header not found
poc1: Invalid data found when processing input

So I think this can be safely marked as resolved/invalid.

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >