[Secure-testing-commits] r55545 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Thu Sep 7 16:47:53 UTC 2017
Author: hle
Date: 2017-09-07 16:47:53 +0000 (Thu, 07 Sep 2017)
New Revision: 55545
Modified:
data/CVE/list
Log:
Mark CVE-2017-9991 <not-affected> in wheezy & jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-07 16:40:00 UTC (rev 55544)
+++ data/CVE/list 2017-09-07 16:47:53 UTC (rev 55545)
@@ -9910,9 +9910,11 @@
NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in ...)
- ffmpeg 7:3.2.5-1
- - libav <undetermined>
- [wheezy] - libav <not-affected> (Vulnerable code not present)
+ - libav <not-affected> (Vulnerable feature not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
+ NOTE: The error occurs in the support for 8bpp XWD images where bpp and image
+ NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp
+ NOTE: images and bails out early -- Diego Biurrun (libav project)
CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list