621710 – ~media-video/ffmpeg-3.3.2: Index-out-of-bounds in ScreenPressor decoder's decode_unit function

Bug 621710 - ~media-video/ffmpeg-3.3.2: Index-out-of-bounds in ScreenPressor decoder's decode_unit function

Summary: ~media-video/ffmpeg-3.3.2: Index-out-of-bounds in ScreenPressor decoder's dec...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:	https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2017-06-14 06:55 UTC by Agostino Sarubbo
Modified:	2017-06-15 20:24 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-06-14 06:55:57 UTC

OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.
Commit fix: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Alexis Ballier gentoo-dev

2017-06-14 08:31:13 UTC

this codec is new in ffmpeg 3.3 and is already fixed in 3.3.2, nothing to do here

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-15 20:24:50 UTC

According to maintainer (comment #1), only 3.3.x affected which wasn't stabilized yet. Fixed in unstable 3.3.2.

All done, repository is clean.