[libav-bugs] [Bug 1161] two segment fault in libavcodec/mpegaudiodsp_template.c and libavcodec/apedec.c

bugzilla at libav.org bugzilla at libav.org
Fri Nov 8 19:16:41 CET 2019


https://bugzilla.libav.org/show_bug.cgi?id=1161

--- Comment #5 from beuc at beuc.net ---
I'm triaging libav security issues as part of the Debian Long Term Support
(Debian LTS) project.

CVE-2019-14441/SegFaultOnPcNearNull hits a NULL
MPADSPContext->apply_window_float due to a memset overflow in qdm2_decode().

https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/895d258e9ba (a fix for
CVE-2011-4351 that libav addressed differently) helps with the overflow, but
the same PoC segfaults later with a non-NULL address due to stack corruption
AFAICS.

Do you know how to fix this issue?
