indeo3 decoder lacks buffer checks
Bug #331255 reported by
Alex Converse
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
FFmpeg |
Fix Released
|
Unknown
|
|||
ffmpeg (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
FFmpeg's indeo3 decoder lacks any sort of buffer checks and is a sitting target for buffer overflow attacks.
I'm especially worried about the webbrowser -> totem-plugin -> gstreamer-ffmpeg attack vector
The upstream issue report is at:
Changed in ffmpeg: | |
status: | Unknown → Confirmed |
Changed in ffmpeg: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
Thank you for using Ubuntu and taking the time to report a bug. Without a specific reproducer, this class of bug will be very hard to solve. Also, crashes (even as shown in the upstream report) do not mean there is a security issue (though some are). Without those details, I will unmark this as security bug for now.