FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

FFmpeg-users mailing list
Hi,

Would like to understand, any plan to fix the https://nvd.nist.gov/vuln/detail/CVE-2020-12284 (FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File)?

Regards,
Raghu
_______________________________________________
ffmpeg-user mailing list
[hidden email]
https://ffmpeg.org/mailman/listinfo/ffmpeg-user

To unsubscribe, visit link above, or email
[hidden email] with subject "unsubscribe".

Re: FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

Moritz Barsnick
On Fri, May 15, 2020 at 08:28:03 +0000, FFmpeg user discussions wrote:
> Would like to understand, any plan to fix the to the
> https://nvd.nist.gov/vuln/detail/CVE-2020-12284 (FFmpeg Vulnerable to
> Denial-of-Service (DoS) via Heap-Based Buffer Overflow in
> 'cbs_jpeg.c' File)

This is a user and not a development list, but, that said:

A fix is already on the master branch[*], and will most likely be
backported to the coming release 4.2.3, together with many other fixes.

Cheers,
Moritz

[*] https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726#diff-3f792992b631e77d4a71869346eac832

Re: FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

Carl Zwanzig
On 5/15/2020 2:00 AM, Moritz Barsnick wrote:
> On Fri, May 15, 2020 at 08:28:03 +0000, FFmpeg user discussions wrote:
>> Would like to understand, any plan to fix the to the
>> https://nvd.nist.gov/vuln/detail/CVE-2020-12284  (FFmpeg Vulnerable to
>> Denial-of-Service (DoS) via Heap-Based Buffer Overflow in
>> 'cbs_jpeg.c' File)

> This is a user and not a development list,[...]

Making it a perfect place to post something that might affect a user, like a
DOS vector.


(Why would vulnerabilities only be of interest to developers? It seems like
half the time "we" tell people to build from source, anyway. And please
don't suggest that the interest is limited to a small group of readers- much
of what people ask about here seems limited to a small group. And unless
someone gets their nose out of joint for a day or two, ffmpeg-users really
is a low traffic list; usually then more time is spent arguing about the
list than on technical matters.)

Later,

z!