An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. This issue leads to DoS.
Created nv-codec-headers tracking bugs for this issue:
Affects: epel-all [bug 2076765]
Affects: fedora-all [bug 2076767]
Created python-mne tracking bugs for this issue:
Affects: fedora-all [bug 2076768]
Created qt5-qtwebengine tracking bugs for this issue:
Affects: epel-all [bug 2076766]
Affects: fedora-all [bug 2076769]
(In reply to Guilherme de Almeida Suckevicz from comment #1)
> Created nv-codec-headers tracking bugs for this issue:
> Affects: epel-all [bug 2076765]
> Affects: fedora-all [bug 2076767]
You should have filed the nv-codec-headers reports against ffmpeg, I have reassigned them.
Also 5.0.1 has the commit that fixes the issue
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Both ffmpeg version 5.0.1 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n5.0.1) and 4.4.2 (https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/refs/tags/n4.4.2) contains the fix commit 757da974b21833529cc41bdcc9684c29660cdfa8. Can we update the CVE's affected range to reflect this?