[FFmpeg-devel] Security issues?
Michael Niedermayer
michaelni
Wed Sep 23 12:29:18 CEST 2009
On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> Hi
>
> lars has mailed me the following 2 links
> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
> http://secunia.com/advisories/36805/
vp3 malloc()==NULL checks (not security id assume)
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/28_theora_malloc_checks.patch?revision=24934&view=markup
this one can maybe be applied as is
also i think vp3 has a memleak in the init_vlc failure case of vp3_decode_init
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The educated differ from the uneducated as much as the living from the
dead. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090923/808c5652/attachment.pgp>
More information about the ffmpeg-devel
mailing list