[FFmpeg-trac] #5992(avformat:open): Heap-overflow in http.c results Remote Code Execution
FFmpeg
trac at avcodec.org
Mon Dec 5 11:51:35 EET 2016
#5992: Heap-overflow in http.c results Remote Code Execution
-------------------------------------+-------------------------------------
Reporter: paulch | Owner:
Type: defect | Status: open
Priority: critical | Component: avformat
Version: git-master | Resolution:
Keywords: http crash | Blocked By:
SIGSEGV | Reproduced by developer: 1
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: => http crash SIGSEGV
* status: new => open
* reproduced: 0 => 1
Comment:
Replying to [ticket:5992 paulch]:
> But for now simple quick fix could be making chunksize unsigned long
long.
I believe all valid bug reports on this bug tracker are very much
appreciated, no matter if security relevant or not but I don't understand
why you didn't send a patch with this change to the development mailing
list.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5992#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list