Bugzilla – Bug 1034183
VUL-0: CVE-2017-7859: ffmpeg: heap-based buffer overflow (ff_h264_slice_context_init function in libavcodec/h264dec.c)
Last modified: 2021-09-11 02:35:53 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7859 ==================================================== Description FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. Source: MITRE Last Modified: 04/14/2017 ==================================================== Hyperlink [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=713 Due to https://oss-fuzz.com/revisions?job=libfuzzer_asan_ffmpeg&range=201703011717:201703020000 from [1] the fix commit is https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb (open-)SUSE: https://software.opensuse.org/package/ffmpeg 3.2.4 (TW, 42.2, official repo) 2.8.8 (42.1, official repo)
openSUSE does not build libavcodec/h264dec.c.
This is an autogenerated message for OBS integration: This bug (1034183) was mentioned in https://build.opensuse.org/request/show/489106 42.2 / ffmpeg
openSUSE-SU-2017:1121-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 1022920,1022921,1022922,1034176,1034177,1034179,1034181,1034183 CVE References: CVE-2016-10190,CVE-2016-10191,CVE-2016-10192,CVE-2017-7859,CVE-2017-7862,CVE-2017-7863,CVE-2017-7865,CVE-2017-7866 Sources used: openSUSE Leap 42.2 (src): ffmpeg-3.3-6.6.1
This is an autogenerated message for OBS integration: This bug (1034183) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq