CLD-431 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
ffmpeg |
Deficiency Type |
SECURITY |
Date Created |
2018-06-15 13:40:08 |
Date Last Modified |
2018-06-15 16:24:36 |
Version Specific Information:
Cucumber 1.0 i686 | waiting for upstream to publish patch |
Cucumber 1.0 x86_64 | waiting for upstream to publish patch |
Cucumber 1.1 i686 |
waiting for upstream to publish patch |
Cucumber 1.1 x86_64 |
waiting for upstream to publish patch |
Details:
Fixed in commit
https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d.
This vulnerability was fixed by changing the condition in the if statement that
determined if 'c->idct_put' was set to 'ff_simple_idct_put_int32_10bit' or
'ff_simple_idct_put_int16_10bit'. In ffmpeg 3.3, this variable is
unconditionally set to 'ff_simple_idct_put_10', so it is unclear if this
version is even vulnerable in the first place. If it is, this patch is not
easily backportable.
We will wait to see what upstream does.