Bugzilla – Bug 1034181
VUL-0: CVE-2017-7862: ffmpeg: heap-based buffer overflow (decode_frame function in libavcodec/pictordec.c)
Last modified: 2021-09-11 02:35:47 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7862 ==================================================== Description FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. Source: MITRE Last Modified: 04/14/2017 ==================================================== Hyperlink [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=559 [2] https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a (open-)SUSE: https://software.opensuse.org/package/ffmpeg 3.2.4 (TW, 42.2, official repo) 2.8.8 (42.1, official repo)
pictordec is not enabled in openSUSE.
This is an autogenerated message for OBS integration: This bug (1034181) was mentioned in https://build.opensuse.org/request/show/489106 42.2 / ffmpeg
openSUSE-SU-2017:1121-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 1022920,1022921,1022922,1034176,1034177,1034179,1034181,1034183 CVE References: CVE-2016-10190,CVE-2016-10191,CVE-2016-10192,CVE-2017-7859,CVE-2017-7862,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: openSUSE Leap 42.2 (src): ffmpeg-3.3-6.6.1
This is an autogenerated message for OBS integration: This bug (1034181) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq