rpms / libmp4v2

Clone
Source Code
GIT

Files

  1.   b456f253474538b1dd8c244da0eeea8b726043ae
  2.   0007-Fix-Out-of-bounds-memory-access-in-MP4v2-2.0.0.patch
Blob Blame History Raw 
From a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
Date: Wed, 17 Oct 2018 16:13:06 +0100
Subject: [PATCH 07/10] Fix Out-of-bounds memory access in MP4v2 2.0.0

The bug can be fixed by more checks when doing type comparison.
Reference: https://www.openwall.com/lists/oss-security/2018/07/18/3

Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14403
---
 src/mp4util.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mp4util.cpp b/src/mp4util.cpp
index 47bd74e..696dab4 100644
--- a/src/mp4util.cpp
+++ b/src/mp4util.cpp
@@ -46,6 +46,7 @@ bool MP4NameFirstMatches(const char* s1, const char* s2)
         s1++;
         s2++;
     }
+    if(*s2 != '[' && *s2 != '.' && *s2 != '\0') return false;
     return true;
 }
 
-- 
2.21.0
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.