Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1143556] VUL-0: CVE-2019-14441: libav: access violation allows remote attackers to cause a denial of service
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 14:39:43 +0000
  • Message-id: <bug-1143556-21960-CIPGt3bYr4@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556
http://bugzilla.opensuse.org/show_bug.cgi?id=1143556#c2

Antonio Larrosa <alarrosa@xxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|alarrosa@xxxxxxxx |security-team@xxxxxxx

--- Comment #2 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that our libav package has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools
package.

I tested the poc files in Leap 15.0 and TW. In both cases, error messages are
shown and no crash happens, so we don't seem to be affected:

avconv -i poc2-SegFaultOnPcNearNull.qt -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x56432a96e680] stream 0, offset 0x10b8: partial
file
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x56432a96e680] Could not find codec parameters for
stream 1 (Video: mjpeg (mjpa / 0x61706A6D), none(bt470bg/unknown/unknown, top
first), 160x120, 36 kb/s): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'poc2-SegFaultOnPcNearNull.qt':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2012-10-29T23:55:03.000000Z
Duration: 07:47:14.03, start: 0.000000, bitrate: 0 kb/s
Stream #0:0(eng): Audio: qdm2 (QDM2 / 0x324D4451), 48000 Hz, 2 channels
(default)
Metadata:
rotate : 0.222935
creation_time : 2012-10-29T23:55:03.000000Z
handler_name : Procedura obs�ugi skr�t�w danych Apple
Stream #0:1(eng): Video: mjpeg (mjpa / 0x61706A6D),
none(bt470bg/unknown/unknown, top first), 160x120, 36 kb/s, 0.25 fps, 0.25 tbr,
1 tbn, 1 tbc (default)
Metadata:
rotate : 0.222935
creation_time : 2012-10-29T23:55:03.000000Z
handler_name : Procedura obs�ugi skr�t�w danych Apple
encoder : Motion JPEG A
Side data:
displaymatrix: rotation of -0.22 degrees
At least one output file must be specified


avconv -i poc3-FloatingPointException -f /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
Trailing options were found on the commandline.
Ignoring attempt to set invalid timebase 1/0 for st:0
[ape @ 0x55bb8c0fc680] Could not find codec parameters for stream 0 (Audio: ape
(APE / 0x20455041), 1 channels): unspecified sample format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, ape, from 'poc3-FloatingPointException':
Duration: 03:04:56.93, start: 0.000000, bitrate: 0 kb/s
Stream #0:0: Audio: ape (APE / 0x20455041), 1 channels
At least one output file must be specified

So I suggest marking this as resolved/invalid

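The check described in the comment above (run each sample, see whether the tool crashes or only reports an error) can be scripted. This is an added example, not part of the original mail or of the openSUSE package; the function names and the `TOOL FILE` calling convention are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify how a command ended, so that a run which only
# prints error messages is told apart from one killed by a signal.

# classify_status STATUS -> prints clean | error:N | crash:SIG
# POSIX shells report a child killed by signal SIG as status 128+SIG
# (139 = SIGSEGV, 136 = SIGFPE on Linux). A program that itself exits with
# a status above 128 would be misread as a crash; check such cases by hand.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo clean
    elif [ "$1" -gt 128 ]; then
        echo "crash:$(( $1 - 128 ))"
    else
        echo "error:$1"
    fi
}

# run_case CMD [ARGS...] -> runs the command quietly and prints its class.
# The "|| status=$?" form keeps this safe under "set -e".
run_case() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# triage TOOL FILE... -> one "FILE: class" line per sample.
# TOOL is invoked as "TOOL FILE"; returns 1 if any sample ended in a signal.
triage() {
    tool=$1
    shift
    crashed=0
    for f in "$@"; do
        result=$(run_case "$tool" "$f")
        echo "$f: $result"
        case $result in
            crash:*) crashed=1 ;;
        esac
    done
    return "$crashed"
}
```

To use it with a decoder, put the full command line in a small wrapper script that takes the sample path as its only argument and pass that wrapper as TOOL.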