Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 652752 (CVE-2018-9841)

Summary: media-video/ffmpeg: Out of array access in libavfilter/vf_signature.c (DoS)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2018-04-07 17:19:29 UTC 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9841:

The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

@maintainer(s): In case of bump, please call for stabilization when ready, thank you.

Gentoo Security Padawan
(Jmbailey)
Comment 1 D'juan McDonald (domhnall) 2018-04-07 17:21:26 UTC 
Upstream Patch:

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
Comment 2 Alexis Ballier gentoo-dev 2019-02-13 15:25:22 UTC 
this is already listed in bug #660924 -- since the other bug has more issues reported and we'll group them, let's close this one as dupe

*** This bug has been marked as a duplicate of bug 660924 ***