Sophie

Sophie

distrib > Mageia > 1 > i586 > media > core-updates-src > by-pkgid > 6988c923d007989602f730672aaeea1e > files > 9

avidemux-2.5.4-5.2.mga1.src.rpm

Description: fix denial of service and possible code execution via
 malformed file containing VP3 stream
Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5

Index: ffmpeg-0.6/libavcodec/vp3.c
===================================================================
--- ffmpeg-0.6.orig/libavcodec/vp3.c	2011-12-21 10:43:00.560448965 -0500
+++ ffmpeg-0.6/libavcodec/vp3.c	2011-12-21 10:43:15.920449446 -0500
@@ -1285,6 +1285,10 @@
         case 1: // zero run
             s->dct_tokens[plane][i]++;
             i += (token >> 2) & 0x7f;
+            if(i>63){
+                av_log(s->avctx, AV_LOG_ERROR, "Coefficient index overflow\n");
+                return -1;
+            }
             block[perm[i]] = (token >> 9) * dequantizer[perm[i]];
             i++;
             break;

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional