Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143244] VUL-0: CVE-2019-14371: libav: in version 12.3, there is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 15:06:09 +0000
  • Message-id: <>

Antonio Larrosa <alarrosa@xxxxxxxx> changed:

What |Removed |Added
Assignee|alarrosa@xxxxxxxx |security-team@xxxxxxx

--- Comment #1 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that our libav package has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil

And then the ffmpeg libraries are used to generate only the libav-tools

I tested the poc file in Leap 15.0 and TW. In both cases, error messages are
shown and no infinite loop is entered, so we don't seem to be affected:

avconv -y -i poc /dev/null
avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x55f3b86b5320] moov atom not found
poc: Invalid data found when processing input

So I suggest marking this as resolved/invalid

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >