An integer signedness error, leading to out-of-bounds buffer read
was found in the way libvpx, VP8 Video Codec SDK, decoded certain
VP8 video frames. A remote attacker could trick a local victim
into opening a specially-crafted WebM video file in an application,
using libvpx library, leading to denial of service (particular
Upstream changeset (not definitely sure, needs confirmation):
This issue affects the version of the libvpx package, as shipped
with Red Hat Enterprise Linux 6.
This issue does NOT affect the versions of the libvpx package, as
shipped with Fedora release of 13 and 14 (version of libvpx package
in those releases is newer and already contains the fix).
Also, if I am reading the original Google Chrome report correctly:
there were two issues:
a, memory corruption flaw (CVE-2010-4203, comment #0, description of )
b, a fix for invalid read regression:
introduced by fix for CVE-2010-4203.
Projecting this into libvpx changeset:
a, should correspond to:
then b, to:
http://review.webmproject.org/#change,1098 (contains three patchsets)
It indeed looks like I applied the wrong patch...
So yes, we need patch iii) and not patch i) that I applied.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.