Bug#610550: [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec
Reinhard Tartler
siretart at tauware.de
Sat Jan 22 22:28:21 UTC 2011
tags 610550 unreproducible
stop
Hi,
On Wed, Jan 19, 2011 at 20:48:35 (CET), Luciano Bello wrote:
> Package: ffmpeg
> Severity: important
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for ffmpeg.
>
> CVE-2011-0480[0]:
> | Multiple buffer overflows in the Vorbis decoder in Google Chrome
> | before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote
> | attackers to cause a denial of service or possibly have unspecified
> | other impact via unknown vectors.
The report is against Chrome and Chrome OS. I've failed to reproduce the
reported crashes with Debian's version of ffmpeg; I get error messages
about corrupted Vorbis headers, but no crash. Can you please provide a
testcase that applies to the Debian copy of ffmpeg?
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4