[FFmpeg-trac] #9155(avcodec:new): Backporting of fixes for CVE-2020-35965/oss-fuzz issue 26532 to FFmpeg 4.3
FFmpeg
trac at avcodec.org
Wed Mar 17 14:11:02 EET 2021
#9155: Backporting of fixes for CVE-2020-35965/oss-fuzz issue 26532 to FFmpeg 4.3
----------------------------------+---------------------------------------
Reporter: diabonas | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: unspecified
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+---------------------------------------
I have a question regarding the backporting of the fixes for
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35965
CVE-2020-35965], also tracked as
[https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 oss-fuzz issue 26532],
to the FFmpeg 4.3
branch.
According to the CVE description and the oss-fuzz issue details, this
vulnerability is fixed by two commits,
[https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
b0a8b40294ea212c1938348ff112ef1b9bf16bb3 ("avcodec/exr: skip bottom
clearing loop when its outside the image")] and
[https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
3e5959b3457f7f1856d997261e6ac672bba49e8b ("avcodec/exr: Check ymin vs.
h")].
However, only the latter seems to have been backported to the release/4.3
branch (as commit
[https://github.com/FFmpeg/FFmpeg/commit/a53ffb15d8ae9bed14041b4cf62e436852e95431
a53ffb15d8ae9bed14041b4cf62e436852e95431]) and thus has been included in
the FFmpeg 4.3.2 release. Is this correct, or does the former commit need
to be backported as well?
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9155>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker