
Re: wheezy update for libav



On Fri, Jan 06, 2017 at 11:32:49AM +0100, Hugo Lefeuvre wrote:
> 
> Could you summarize for us the status of your work on the 0.8 branch?
> 
> I've had a look at the new CVEs reported for libav. I managed to
> reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> cherry picking the fix[0,1,2] for these issues doesn't seem to fix
> the problem.
> 
> I have also tried to reproduce CVE-2016-98{19,20,23,24,25,26}, but
> I am not getting the same error messages as those mentioned on the
> CVE report. No segfault. Instead, avconv is just ending with error
> messages like "Error at MB: 0", or "Error while decoding stream #0:0",
> which doesn't help me to determine whether this behavior is normal or
> not.

I just released libav 0.8.20 with some more fixes, changelog below.

Diego

version 0.8.20:

- mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: 980, CVE-2016-9820)
- mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id: 980, CVE-2016-9819)
- mpeg12dec: move setting first_field to mpeg_field_start() (Bug-ID: 999)
- mpeg12dec: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9822)
- mpegvideo_parser: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9821)
- h264: Use the right H264Context for struct member comparison
