]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 6285410) | patch
gst-ffmpeg: fix for Security Advisory CVE-2014-2099
authorYue Tao <Yue.Tao@windriver.com>
Fri, 25 Apr 2014 08:26:00 +0000 (16:26 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 29 May 2014 12:42:12 +0000 (13:42 +0100)
commit5898f20bb2f38a91b2dd1b4cc4798fd960331a14
treea7c8a20a7562ba078d04d30dc36d17b94ccae7c9tree | snapshot
parent62854105de72f09dcffa08dbdc975e8f306a4a39commit | diff
gst-ffmpeg: fix for Security Advisory CVE-2014-2099

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099

(From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch [new file with mode: 0644] blob
meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb diff | blob | history
Mirror of the official openembedded-core repository