An integer signedness error, leading to out-of-bounds buffer read was found in the way libvpx, VP8 Video Codec SDK, decoded certain VP8 video frames. A remote attacker could trick a local victim into opening a specially-crafted WebM video file in an application, using libvpx library, leading to denial of service (particular application crash). References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4489 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610510 [3] http://code.google.com/p/chromium/issues/detail?id=61653#c51 Upstream changeset (not definitely sure, needs confirmation): [4] http://review.webmproject.org/#change,1098
This issue affects the version of the libvpx package, as shipped with Red Hat Enterprise Linux 6. -- This issue does NOT affect the versions of the libvpx package, as shipped with Fedora release of 13 and 14 (version of libvpx package in those releases is newer and already contains the fix).
Also, if I am reading the original Google Chrome report correctly: [5] http://code.google.com/p/chromium/issues/detail?id=61653 there were two issues: a, memory corruption flaw (CVE-2010-4203, comment #0, description of [5]) b, a fix for invalid read regression: http://code.google.com/p/chromium/issues/detail?id=61653#c51 introduced by fix for CVE-2010-4203. Projecting this into libvpx changeset: a, should correspond to: https://review.webmproject.org/#change,928 then b, to: http://review.webmproject.org/#change,1098 (contains three patchsets)
It indeed looks like I applied the wrong patch... So yes, we need patch iii) and not patch i) that I applied.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.