CVE-2018-5766 (https://nvd.nist.gov/vuln/detail/CVE-2018-5766): In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file. CVE-2018-5684 (https://nvd.nist.gov/vuln/detail/CVE-2018-5684): In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file. @Maintainers, 12.2 is in tree, are we affected in previous versions? Thank you
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2018-5766 (https://nvd.nist.gov/vuln/detail/CVE-2018-5766): > In Libav through 12.2, there is an invalid memcpy in the av_packet_ref > function of libavcodec/avpacket.c. Remote attackers could leverage this > vulnerability to cause a denial of service (segmentation fault) via a > crafted avi file. > https://bugzilla.libav.org/show_bug.cgi?id=1112 > CVE-2018-5684 (https://nvd.nist.gov/vuln/detail/CVE-2018-5684): > In Libav through 12.2, there is an invalid memcpy call in the > ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers > could leverage this vulnerability to cause a denial of service > (segmentation > fault) and program failure with a crafted avi file. > https://bugzilla.libav.org/show_bug.cgi?id=1110 > > @Maintainers, 12.2 is in tree, are we affected in previous versions? > > Thank you Both CVE's still pending upstream:
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2020-04-26 15:14:48 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2020-04-26 15:22:46 +0000 media-video/libav: remove last-rited pkg Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768 Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764 Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974 Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602 Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070 Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114 Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040 Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986 Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952 Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790 Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206 Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922 Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957 Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854 Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294 Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350 Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726 Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082 Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102 Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186 Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> media-video/libav/Manifest | 3 - media-video/libav/files/libav-12.3-x264.patch | 85 ------- media-video/libav/libav-12.3.ebuild | 350 -------------------------- media-video/libav/libav-13_pre20171219.ebuild | 336 ------------------------- media-video/libav/libav-9999.ebuild | 339 ------------------------- media-video/libav/metadata.xml | 35 --- 6 files changed, 1148 deletions(-)