From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/mp4v2: security bump to version 4.1.3
Date: Fri, 29 May 2020 22:07:53 +0200 [thread overview]
Message-ID: <871rn2o67a.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20200515211327.15078-1-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Fri, 15 May 2020 23:13:27 +0200")
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Switch site to an active fork
> - Send patch upstream
> - Update indentation in hash file (two spaces)
> - Fix the following CVEs:
> - CVE-2018-14054: A double free exists in the MP4StringProperty class
> in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again
> in the destructor once an exception is triggered.
> Fixed by
> https://github.com/TechSmith/mp4v2/commit/f09cceeee5bd7f783fd31f10e8b3c440ccf4c743
> - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with
> resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
> Fixed by
> https://github.com/TechSmith/mp4v2/commit/e475013c6ef78093055a02b0d035eda0f9f01451
> - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with
> resultant memory corruption) when resizing MP4Array for the ftyp
> atom in mp4array.h.
> Fixed by
> https://github.com/TechSmith/mp4v2/commit/70d823ccd8e2d7d0ed9e62fb7e8983d21e6acbeb
> - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0
> incorrectly uses the MP4ItemAtom data type in a certain case where
> MP4DataAtom is required, which allows remote attackers to cause a
> denial of service (memory corruption) or possibly have unspecified
> other impact via a crafted MP4 file, because access to the data
> structure has different expectations about layout as a result of
> this type confusion.
> Fixed by
> https://github.com/TechSmith/mp4v2/commit/73f38b4296aeb38617fa3923018bb78671c3b833
> - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0
> mishandles substrings of atom names, leading to use of an
> inappropriate data type for associated atoms. The resulting type
> confusion can cause out-of-bounds memory access.
> Fixed by
> https://github.com/TechSmith/mp4v2/commit/51cb6b36f6c8edf9f195d5858eac9ba18b334a16
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2020-05-29 20:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 21:13 [Buildroot] [PATCH 1/1] package/mp4v2: security bump to version 4.1.3 Fabrice Fontaine
2020-05-29 20:07 ` Peter Korsgaard [this message]
2020-06-01 20:18 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871rn2o67a.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.