Bug#654573: Bug#654534: libav: multiple security issues

Reinhard Tartler siretart at gmail.com
Sat Jan 7 22:25:52 UTC 2012


On Wed, Jan 4, 2012 at 1:35 AM, Michael Gilbert
<michael.s.gilbert at gmail.com> wrote:
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for libav.
>
> CVE-2011-3895[2]:
> | Heap-based buffer overflow in the Vorbis decoder in Google Chrome
> | before 15.0.874.120 allows remote attackers to cause a denial of
> | service or possibly have unspecified other impact via a crafted
> | stream.
>

I have forwarded this bug upstream, but it is still pending review.
http://bugzilla.libav.org/show_bug.cgi?id=191

Do you guys have any exploits or samples that you could provide me to
verify that the proposed patches actually fix the problem?


-- 
regards,
    Reinhard




