[FFmpeg-devel] Security issues?

Michael Niedermayer michaelni
Wed Sep 23 00:26:39 CEST 2009


On Tue, Sep 22, 2009 at 09:29:55PM +0000, Carl Eugen Hoyos wrote:
> Michael Niedermayer <michaelni <at> gmx.at> writes:
> 
> > lars has mailed me the following 2 links
> > http://www.heise.de/newsticker/meldung/145655
> > http://secunia.com/advisories/36805/
> > 
> > they seem to contain some hints toward security issues in ffmpeg,
> > i guess i dont need to mention that i was unaware of security issues in
> > svn, if any of them do apply to svn ...
> 
> Chrome developers claim that issue 1365 is security relevant.

the way i understand that one is that it can just lead to a crash due to
out of array read but cant lead to arbitrary code execution. If that is
true its just anoher crash ...
to fix that each codec should at appropriate places, where it has no
performance impact check for the end of buffer, the suggested patch likely
causes far too much slowdown.


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090923/5da647ed/attachment.pgp>



More information about the ffmpeg-devel mailing list