Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-7450

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

Related bugs and status

CVE-2016-7450 (Candidate) is related to these bugs:

Bug #1635443: Sync ffmpeg 7:3.1.5-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1635443	Sync ffmpeg 7:3.1.5-1 (universe) from Debian unstable (main)		ffmpeg (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016100...
BID: 94841
GENTOO: GLSA-201701-71