[Bug 1143244] VUL-0: CVE-2019-14371: libav: in version 12.3, there is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag

avconv -y -i poc /dev/null avconv version 12.3, Copyright (c) 2000-2018 the Libav developers built on Mar 26 2018 12:39 with gcc 7 (SUSE Linux) [mov,mp4,m4a,3gp,3g2,mj2 @ 0x55f3b86b5320] moov atom not found

http://bugzilla.suse.com/show_bug.cgi?id=1143244 http://bugzilla.suse.com/show_bug.cgi?id=1143244#c1 Antonio Larrosa changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|alarrosa@suse.com |security-team@suse.de --- Comment #1 from Antonio Larrosa --- Note that our libav package has this in %prep: rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale And then the ffmpeg libraries are used to generate only the libav-tools package. I tested the poc file in Leap 15.0 and TW. In both cases, error messages are shown and no infinite loop is entered, so we don't seem to be affected: poc: Invalid data found when processing input So I suggest marking this as resolved/invalid -- You are receiving this mail because: You are on the CC list for the bug.