626344 – (CVE-2017-11684) <media-video/libav-12.2: illegal address access in bitstream.c of the libav library.

Bug 626344 (CVE-2017-11684) - <media-video/libav-12.2: illegal address access in bitstream.c of the libav library.

Summary: <media-video/libav-12.2: illegal address access in bitstream.c of the libav l...

Status:	RESOLVED FIXED

Alias:	CVE-2017-11684

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.libav.org/show_bug.c...
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-27 10:31 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2018-01-24 23:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-27 10:31:35 UTC

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2017-11684

From Reference:

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-01-24 22:52:29 UTC

Only impacts the 12.x branch.

@maintainer(s), please clean the vulnerable ebuilds from the 0/12 slot.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-01-24 23:46:19 UTC

Tree is clean:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db00746d6fe4a6c65bcc2efef8a0f3807b275f58