652752 – (CVE-2018-9841) media-video/ffmpeg: Out of array access in libavfilter/vf_signature.c (DoS)

Bug 652752 (CVE-2018-9841) - media-video/ffmpeg: Out of array access in libavfilter/vf_signature.c (DoS)

Summary: media-video/ffmpeg: Out of array access in libavfilter/vf_signature.c (DoS)

Status:	RESOLVED DUPLICATE of bug 660924

Alias:	CVE-2018-9841

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2018-04-07 17:19 UTC by D'juan McDonald (domhnall)
Modified:	2019-02-13 15:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2018-04-07 17:19:29 UTC

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9841:

The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

@maintainer(s): In case of bump, please call for stabilization when ready, thank you.

Gentoo Security Padawan
(Jmbailey)

Comment 1 D'juan McDonald (domhnall) 2018-04-07 17:21:26 UTC

Upstream Patch:

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758

Comment 2 Alexis Ballier gentoo-dev

2019-02-13 15:25:22 UTC

this is already listed in bug #660924 -- since the other bug has more issues reported and we'll group them, let's close this one as dupe

*** This bug has been marked as a duplicate of bug 660924 ***