Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1143244] VUL-0: CVE-2019-14371: libav: in version 12.3, there is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 15:06:09 +0000
  • Message-id: <bug-1143244-21960-JS9l1dcMAE@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1143244
http://bugzilla.suse.com/show_bug.cgi?id=1143244#c1

Antonio Larrosa <alarrosa@xxxxxxxx> changed:

What    |Removed            |Added
----------------------------------------------------------------------------
Assignee|alarrosa@xxxxxxxx  |security-team@xxxxxxx

--- Comment #1 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that our libav package has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools
package.

I tested the poc file in Leap 15.0 and TW. In both cases, error messages are
shown and no infinite loop is entered, so we don't seem to be affected:

avconv -y -i poc /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x55f3b86b5320] moov atom not found
poc: Invalid data found when processing input

So I suggest marking this as resolved/invalid.

--
You are receiving this mail because:
You are on the CC list for the bug.
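
The reproduction check described in the comment above (does the tool reject the file, or does it never return?) can be scripted so the verdict does not depend on someone watching the terminal. This is an added example, not part of the original mail or of any openSUSE tooling; the function name classify_run, the verdict strings and the time limits are assumptions, and it relies on the coreutils timeout command.

```sh
#!/bin/sh
# Added example: classify how a reproducer run ends, so that a hang is not
# confused with a clean rejection or with a tool that never started.

# classify_run LIMIT_SECONDS CMD [ARGS...]
# Prints exactly one verdict: ok | rejected | hang | crash | error
classify_run() (
    limit=$1; shift
    rc=0
    # -k 2: escalate to SIGKILL if the process ignores SIGTERM for 2 seconds.
    timeout -k 2 "$limit" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo ok ;;        # input was processed without error
        124) echo hang ;;      # time limit reached: candidate infinite loop
        137) echo hang ;;      # SIGKILL after the limit; an external kill
                               # (e.g. OOM) looks the same, so check the logs
        125|126|127)
             echo error ;;     # timeout failed, or the tool is missing or
                               # not executable: this proves nothing about
                               # whether the package is affected
        *)   if [ "$rc" -gt 128 ]; then
                 echo crash    # terminated by a signal (status is 128+N)
             else
                 echo rejected # parser returned an error and exited
             fi ;;
    esac
)

# Usage with the command line from the comment (the 30 s limit is an assumption):
#   classify_run 30 avconv -y -i poc /dev/null
```

The error verdict matters for triage: a run that fails because the binary is absent exits non-zero just like a rejected file, and must not be read as "not affected".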