Hi Diego,
> I just released libav 0.8.20 with some more fixes, changelog below.
>
> Diego
>
> version 0.8.20:
>
> - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: 980, CVE-2016-9820)
> - mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id: 980, CVE-2016-9819)
> - mpeg12dec: move setting first_field to mpeg_field_start() (Bug-ID: 999)
> - mpeg12dec: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9822)
> - mpegvideo_parser: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9821)
> - h264: Use the right H264Context for struct member comparison
Thanks for your work. I'll have a look at it and upload tomorrow.
Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the
ffmpeg project for the reproducers ? Not sure they will still have them,
but it doesn't hurt to try.
Cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature