621408 – <media-video/ffmpeg-3.2.5: Heap-buffer-overflow in y41p_decode_frame

Bug 621408 - <media-video/ffmpeg-3.2.5: Heap-buffer-overflow in y41p_decode_frame

Summary: <media-video/ffmpeg-3.2.5: Heap-buffer-overflow in y41p_decode_frame

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2017-06-10 15:50 UTC by Agostino Sarubbo
Modified:	2017-10-19 22:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-06-10 15:50:32 UTC

OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Agostino Sarubbo gentoo-dev

2017-06-10 15:51:12 UTC

Commit fix: https://github.com/FFmpeg/FFmpeg/commit/3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2

Comment 2 Alexis Ballier gentoo-dev

2017-06-11 11:17:43 UTC

this commit seems to be in 3.2.5, feel free to stabilize it

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2017-10-19 01:23:31 UTC

GLSA Vote: No