[FFmpeg-devel] Security issues?

Michael Niedermayer michaelni
Wed Sep 23 09:48:21 CEST 2009


On Wed, Sep 23, 2009 at 01:32:13AM +0200, Michael Niedermayer wrote:
> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> > Hi
> > 
> > lars has mailed me the following 2 links
> > http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
> > http://secunia.com/advisories/36805/
> 
> yet another vorbis issue
>     vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
>     vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
> 
> i don't know if it's security relevant but it definitely should be fixed
> <=0 are clearly invalid, a check should be added for that ...

added checks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Avoid a single point of failure, be that a person or equipment.
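
An added illustration of the kind of check discussed above, not part of the original mail and not FFmpeg's code: a stand-alone parser for the first fields of a Vorbis identification header that rejects a zero channel count or a zero sample rate at parse time. The struct, function, error-code names and sample byte strings are constructed for this example; the field layout follows the Vorbis I specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not FFmpeg's vorbis decoder. */
typedef struct { uint8_t channels; uint32_t sample_rate; } VorbisIdInfo;
enum { ID_OK = 0, ID_TRUNCATED = -1, ID_BAD_MAGIC = -2, ID_BAD_VERSION = -3,
       ID_BAD_CHANNELS = -4, ID_BAD_RATE = -5 };

static uint32_t rl32(const uint8_t *p)   /* read 32-bit little-endian */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Layout: type(1)=0x01, "vorbis"(6), version(4), channels(1), rate(4). */
int parse_vorbis_id(const uint8_t *buf, size_t len, VorbisIdInfo *out)
{
    if (len < 16)
        return ID_TRUNCATED;            /* never read past the packet */
    if (buf[0] != 0x01 || memcmp(buf + 1, "vorbis", 6) != 0)
        return ID_BAD_MAGIC;
    if (rl32(buf + 7) != 0)
        return ID_BAD_VERSION;
    /* Both fields are unsigned, so "<= 0" reduces to "== 0". */
    if (buf[11] == 0)
        return ID_BAD_CHANNELS;
    if (rl32(buf + 12) == 0)
        return ID_BAD_RATE;
    out->channels    = buf[11];         /* written only after validation */
    out->sample_rate = rl32(buf + 12);
    return ID_OK;
}

/* Constructed sample headers: 2 ch / 44100 Hz, 0 channels, 0 Hz. */
const uint8_t sample_valid[16]   = { 1,'v','o','r','b','i','s', 0,0,0,0,
                                     2, 0x44,0xAC,0,0 };
const uint8_t sample_zero_ch[16] = { 1,'v','o','r','b','i','s', 0,0,0,0,
                                     0, 0x44,0xAC,0,0 };
const uint8_t sample_zero_hz[16] = { 1,'v','o','r','b','i','s', 0,0,0,0,
                                     2, 0,0,0,0 };

int main(void)
{
    VorbisIdInfo info = {0};
    printf("valid:   %d\n", parse_vorbis_id(sample_valid, 16, &info));
    printf("zero ch: %d\n", parse_vorbis_id(sample_zero_ch, 16, &info));
    printf("zero hz: %d\n", parse_vorbis_id(sample_zero_hz, 16, &info));
    return 0;
}
```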