Bug 621408

Summary:	<media-video/ffmpeg-3.2.5: Heap-buffer-overflow in y41p_decode_frame
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	media-video
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1437
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2017-06-10 15:50:32 UTC

OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Agostino Sarubbo gentoo-dev

2017-06-10 15:51:12 UTC

Commit fix: https://github.com/FFmpeg/FFmpeg/commit/3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2

Comment 2 Alexis Ballier gentoo-dev

2017-06-11 11:17:43 UTC

this commit seems to be in 3.2.5, feel free to stabilize it

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2017-10-19 01:23:31 UTC

GLSA Vote: No