Hi Diego,

> I just released libav 0.8.20 with some more fixes, changelog below.
>
> Diego
>
> version 0.8.20:
>
> - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: 980, CVE-2016-9820)
> - mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id: 980, CVE-2016-9819)
> - mpeg12dec: move setting first_field to mpeg_field_start() (Bug-ID: 999)
> - mpeg12dec: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9822)
> - mpegvideo_parser: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9821)
> - h264: Use the right H264Context for struct member comparison

Thanks for your work. I'll have a look at it and upload tomorrow.

Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the ffmpeg project for the reproducers? Not sure they will still have them, but it doesn't hurt to try.

Cheers,
Hugo

--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E