Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#10874 - FFmpeg libavformat "str_read_packet()" Buffer Overflow
Attached to Project:
Arch Linux
Opened by james francis toy iv (bbs) - Wednesday, 09 July 2008, 21:12 GMT
Last edited by Eric Belanger (Snowman) - Saturday, 19 July 2008, 02:57 GMT
Details

Description:
A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.

Solution: Fixed in the SVN repository at revision 13993.
http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993

In addition, the AUR package maintainer for ffmpeg-svn should know; I'll let him know.
I'll see if current snapshots are .so compatible and get one into testing, if so.
- P