gentoo-overlay/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-144...

29 lines
949 B

Upstream: https://github.com/sergiomb2/libmp4v2/commit/a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b
Gentoo Bug: https://bugs.gentoo.org/661582
From a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
Date: Wed, 17 Oct 2018 16:13:06 +0100
Subject: [PATCH] Fix Out-of-bounds memory access in MP4v2 2.0.0
The bug can be fixed by more checks when doing type comparison.
Reference: https://www.openwall.com/lists/oss-security/2018/07/18/3
Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14403
---
src/mp4util.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/mp4util.cpp b/src/mp4util.cpp
index 47bd74e..696dab4 100644
--- a/src/mp4util.cpp
+++ b/src/mp4util.cpp
@@ -46,6 +46,7 @@ bool MP4NameFirstMatches(const char* s1, const char* s2)
s1++;
s2++;
}
+ if(*s2 != '[' && *s2 != '.' && *s2 != '\0') return false;
return true;
}
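Review bot: the added `if(*s2 != '[' && *s2 != '.' && *s2 != '\0') return false;` line before `return true` has no comment, so a reader cannot tell from the code why s2 must stop at '[', '.' or the terminator once the loop ends. Add a one-line comment stating that the match only counts when s2 has reached the end of a name component. Consider putting `return false;` on its own line, with a space after `if`, so the early exit is easier to spot. The check inspects only `*s2`; if the position of `s1` after the loop also matters for the type comparison the commit message mentions, check it here as well or document why it does not. The diffstat shows one inserted line in src/mp4util.cpp and no test, so a regression case for this comparison would be worth adding alongside the fix.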