oss-sec mailing list archives
Re: libav: null pointer dereference in get_vlc2 (get_bits.h)
From: cve-assign () mitre org
Date: Sat, 15 Oct 2016 22:42:33 -0400 (EDT)
https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
A crafted file causes a NULL pointer access.
AddressSanitizer: SEGV on unknown address 0x7f5273202c6b in get_vlc2 ... libav-11.3/work/libav-11.3/libavcodec/get_bits.h:530:5
https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
He said that the commit e5b019725f53b79159931d3a7317107cbbfd0860 makes the issue no longer reachable through the provided testcase, but the issue is still here
Use CVE-2016-8675 for the issue that was fixed by e5b019725f53b79159931d3a7317107cbbfd0860.
Use CVE-2016-8676 for the issue that remains after e5b019725f53b79159931d3a7317107cbbfd0860.
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
Current thread:
- libav: null pointer dereference in get_vlc2 (get_bits.h) Agostino Sarubbo (Oct 08)
- Re: libav: null pointer dereference in get_vlc2 (get_bits.h) cve-assign (Oct 15)