Changelog for both 22.09 says, "+ Several other parsing bug/crash fixes (thanks to fuzzing by users)"
https://github.com/MediaArea/MediaInfoLib/releases/tag/v22.09
https://github.com/MediaArea/MediaInfo/releases/tag/v22.09
The affected older versions are gone from the tree. Can this bug close?
Given the potential for RCE, we'd like to GLSA.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f0835df81643a2316838781489d1870a408b6c9
commit 3f0835df81643a2316838781489d1870a408b6c9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 09:27:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 09:28:09 +0000
    [ GLSA 202405-09 ] MediaInfo, MediaInfoLib: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/778992
    Bug: https://bugs.gentoo.org/836564
    Bug: https://bugs.gentoo.org/875374
    Bug: https://bugs.gentoo.org/917612
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202405-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)