515236 – media-video/ffmpeg: Vulnerability in LZO (CVE-2014-4610)

Bug 515236 - media-video/ffmpeg: Vulnerability in LZO (CVE-2014-4610)

Summary: media-video/ffmpeg: Vulnerability in LZO (CVE-2014-4610)

Status:	RESOLVED DUPLICATE of bug 515282

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://seclists.org/oss-sec/2014/q2/668
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:	CVE-2014-4610
Blocks:
	Show dependency tree

Reported:	2014-06-26 20:49 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2014-06-28 13:01 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-06-26 20:49:31 UTC

Criticality Reasoning
---------------------
This vulnerability can be triggered through a compression payload embedded
in a video file. Due to the nature of this memory corruption vulnerability,
exploitation of the bug can be seamless and work in the background during
normal video playback. A user will never notice that playback has been
compromised.

See more details in ${URL}

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-06-28 12:11:42 UTC

This is currently being processed in bug 515282

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-06-28 12:59:30 UTC

Continuing in bug 515282

*** This bug has been marked as a duplicate of bug 515282 ***