Bugzilla – Bug 998636
VUL-0: CVE-2016-6920: ffmpeg: file Heap Overflow
Last modified: 2018-07-18 14:44:13 UTC
CVE-2016-6920
With the help of the AFL fuzzing tool, a heap overflow was found in the exr file format.
References:
https://git.videolan.org/?p=ffmpeg.git;a=commit;h=01aee8148d4fa439cce678a11f5110656c98de1f
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6920
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6920.html
bugbot adjusting priority
The fix is included in ffmpeg 3.1.3. Submitting updates for 2.x series.
This is an autogenerated message for OBS integration:
This bug (998636) was mentioned in
https://build.opensuse.org/request/show/430592 42.2 / ffmpeg
https://build.opensuse.org/request/show/430612 Factory / ffmpeg2
https://build.opensuse.org/request/show/430614 42.2 / ffmpeg2
https://build.opensuse.org/request/show/430618 42.1 / ffmpeg
openSUSE-SU-2016:2463-1: An update that contains security fixes can now be installed.
Category: security (moderate)
Bug References: 998636
CVE References:
Sources used:
openSUSE Leap 42.1 (src): ffmpeg-2.8.8-19.1
This is an autogenerated message for OBS integration:
This bug (998636) was mentioned in
https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq