ID OSSFUZZ-1473
Type ossfuzz
Reporter Google
Modified 2017-06-11T13:03:52
Description
Project:
https://git.ffmpeg.org/ffmpeg.git
Detailed report: https://oss-fuzz.com/testcase?key=5768907824562176
Project: ffmpeg
Fuzzer: libFuzzer_ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer
Fuzz target binary: ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer
Job Type: libfuzzer_ubsan_ffmpeg
Platform Id: linux
Crash Type: Index-out-of-bounds
Crash Address:
Crash State:
dvbsub_parse_clut_segment
dvbsub_decode
avcodec_decode_subtitle2
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_ffmpeg&range=201705081931:201705091623
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5768907824562176
Issue filed automatically.
See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.
This bug is subject to a 90-day disclosure deadline. If 90 days elapse
without an upstream patch, the bug report will automatically
become visible to the public.
{"id": "OSSFUZZ-1473", "type": "ossfuzz", "bulletinFamily": "software", "title": "ffmpeg: Index-out-of-bounds in dvbsub_parse_clut_segment", "description": "Project:\nhttps://git.ffmpeg.org/ffmpeg.git\n\nDetailed report: https://oss-fuzz.com/testcase?key=5768907824562176\n\nProject: ffmpeg\nFuzzer: libFuzzer_ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer\nFuzz target binary: ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer\nJob Type: libfuzzer_ubsan_ffmpeg\nPlatform Id: linux\n\nCrash Type: Index-out-of-bounds\nCrash Address: \nCrash State:\n dvbsub_parse_clut_segment\n dvbsub_decode\n avcodec_decode_subtitle2\n \nSanitizer: undefined (UBSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_ffmpeg&range=201705081931:201705091623\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5768907824562176\n\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. 
If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.", "published": "2017-05-10T03:44:58", "modified": "2017-06-11T13:03:52", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1473", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-03T16:46:12", "viewCount": 1, "enchantments": {"dependencies": {"references": [], "modified": "2020-04-03T16:46:12", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2020-04-03T16:46:12", "rev": 2}, "vulnersScore": -0.5}, "ossfuzz": {"issue": 1473, "status": "Verified", "project": "ffmpeg", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_ffmpeg&range=201705101624:201705111623", "crashType": "Index-out-of-bounds", "revisions": ["3d232196372f309a75ed074c4cef30578eec1782:7ac5067146613997bb38442cb022d7f41321a706"], "project_repos": ["https://git.ffmpeg.org/ffmpeg.git"], "tags": ["4.3-dev", "4.2-dev", "4.1-dev", "3.5-dev", "3.4-dev", "3.3-dev", "3.2-dev", "3.1-dev", "2.9-dev", "2.8-dev", "2.7-dev", "2.6-dev", "2.5-dev", "2.4-dev", "2.3-dev", "2.2-dev", "2.1-dev", "2.0", "1.3-dev", "1.2-dev", "1.1-dev", "0.12-dev", "0.11-dev", "0.8"]}, "affectedSoftware": [{"name": "ffmpeg", "version": "3.4-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "3.3-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "3.2-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "3.1-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.9-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.8-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.7-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.6-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.5-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.4-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.3-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.2-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "2.1-dev", 
"operator": "eq"}, {"name": "ffmpeg", "version": "2.0", "operator": "eq"}, {"name": "ffmpeg", "version": "1.3-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "1.2-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "1.1-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "0.12-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "0.11-dev", "operator": "eq"}, {"name": "ffmpeg", "version": "0.8", "operator": "eq"}]}
{}