[FFmpeg-devel] FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File
Michael Niedermayer
michael at niedermayer.cc
Fri May 22 22:35:29 EEST 2020
On Fri, May 22, 2020 at 10:02:40AM +0000, Narayanaswamy, Raghu wrote:
> Hi,
>
>
>
> I heard that, security fix is already there on the master branch[*] and will most likely be backported to the coming release 4.2.3, together with many other fixes.
>
>
>
> I have following queries.
>
> 1. In master branch ffversion.h version remains as "#define FFMPEG_VERSION "n4.2.1"", even though current release version is 4.2.2
There is no such file in master
git show master:libavutil/ffversion.h
fatal: Path 'libavutil/ffversion.h' exists on disk, but not in 'master'.
The file is created during build
>
> 1. Is there any issue that if fix is taken directly from Master, does it mean it is not sufficiently tested/validated for Production use?
> 2. When is the scheduled release date for 4.2.3?
4.2.3 was released on 2020-05-21
as listed on our downaload page
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200522/4b36dccc/attachment.sig>
More information about the ffmpeg-devel
mailing list