Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1143243] VUL-0: CVE-2019-14372: libav: in version 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 15:12:47 +0000
  • Message-id: <bug-1143243-21960-cLBbOvap6U@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1143243
http://bugzilla.suse.com/show_bug.cgi?id=1143243#c1

Antonio Larrosa <alarrosa@xxxxxxxx> changed:

What     |Removed            |Added
----------------------------------------------------------------------------
Assignee |alarrosa@xxxxxxxx  |security-team@xxxxxxx

--- Comment #1 from Antonio Larrosa <alarrosa@xxxxxxxx> ---
Note that our libav package has this in %prep:
rm -Rf libavcodec libavdevice libavfilter libavformat libavresample libavutil libswscale

And then the ffmpeg libraries are used to generate only the libav-tools
package.

I tested the poc file from https://bugzilla.libav.org/show_bug.cgi?id=1165#c1
in Leap 15.0 and TW. In both cases, error messages are shown and no infinite
loop is entered, so we don't seem to be affected:

avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
built on Mar 26 2018 12:39 with gcc 9 (SUSE Linux)
[wv @ 0x55d6a4e6e700] Could not find codec parameters for stream 0 (Audio:
wavpack, 9600 Hz, 0 channels): unspecified sample format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, wv, from '/home/antonio/Downloads/pocc':
Duration: 47:16:24.57, start: 0.000000, bitrate: N/A
Stream #0:0: Audio: wavpack, 9600 Hz, 0 channels
Unable to find a suitable output format for '/dev/null'

So I suggest marking this as resolved/invalid.
