In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8()
in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may
trigger a NULL pointer dereference while converting a crafted AVI file to
MPEG4, leading to a denial of service.
Author | Note |
---|---|
mdeslaur | marking chromium-browser as ignored, since we do full-version updates, and rely on upstream’s bundled ffmpeg version |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gst-libav1.0 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | kino | < any | UNKNOWN |
ubuntu | 20.04 | noarch | kino | < any | UNKNOWN |
ubuntu | 22.04 | noarch | kino | < any | UNKNOWN |
ubuntu | 16.04 | noarch | kino | < any | UNKNOWN |