An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file. This issue leads to DoS.
Reference: https://trac.ffmpeg.org/ticket/9651
Upstream patch: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
Created nv-codec-headers tracking bugs for this issue:
Affects: epel-all [bug 2076765]
Affects: fedora-all [bug 2076767]
Created python-mne tracking bugs for this issue:
Affects: fedora-all [bug 2076768]
Created qt5-qtwebengine tracking bugs for this issue:
Affects: epel-all [bug 2076766]
Affects: fedora-all [bug 2076769]
(In reply to Guilherme de Almeida Suckevicz from comment #1)
> Created nv-codec-headers tracking bugs for this issue:
>
> Affects: epel-all [bug 2076765]
> Affects: fedora-all [bug 2076767]
>
You should have filed the nv-codec-headers reports against ffmpeg, I have reassigned them.
Also 5.0.1 has the commit that fixes the issue https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/heads/release/5.0
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Both ffmpeg version 5.0.1 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n5.0.1) and 4.4.2 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n4.4.2) contain the fix commit 757da974b21833529cc41bdcc9684c29660cdfa8. Can we update the CVE's affected range to reflect this?
Done.