[v2.7] ffmpeg: buffer overflow and out of array access (CVE-2014-5271 CVE-2014-5272)
Two upstream fixes were issued in the ffmpeg master branch. The commits are availible in the upstream.
proresenc_kostya: report buffer overflow:
If the allocated size, despite best efforts, is too small, exit with the
appropriate error.
avcodec/iff: check pixfmt for rgb8 / rgbn:
Fixes out of array access.
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
References:
COMMIT:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
COMMIT:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
COFIRM: http://seclists.org/oss-sec/2014/q3/387
(from redmine: issue id 3317, created on 2014-08-27, closed on 2014-09-05)
- Relations:
- parent #3314 (closed)
- Changesets:
- Revision 5da3fcd4 by Natanael Copa on 2014-09-03T15:04:43Z:
main/ffmpeg: security fix (CVE-2014-5271,CVE-2014-5272)
fixes #3317