Bug 998459 - (CVE-2016-7393) VUL-0: CVE-2016-7393: libav: out-of-bounds stack read
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/172508/
Reported: 2016-09-12 19:46 UTC by Victor Pereira
Modified: 2020-04-30 15:08 UTC
Found By: Security Response Team
Description Victor Pereira 2016-09-12 19:46:57 UTC
CVE-2016-7393

A crafted file causes a stack-based buffer overflow. The ASan report may be confusing because it mentions get_bits, but the issue is in aac_sync.
This issue was discovered last year; I reported it to Luca Barbato privately and I didn’t follow its state.
Before I made the report, the bug was noticed by Janne Grunau because the fate test reported a failure; he then fixed it, but at that time there weren’t stable release(s) that included the fix.

This bug was found with American Fuzzy Lop.
This bug does not affect ffmpeg.
The same fix was applied to another part of (similar) code in the ac3_parser.c file.

References:
https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7393
http://seclists.org/oss-sec/2016/q3/477
Comment 1 Swamp Workflow Management 2016-09-12 22:00:13 UTC
bugbot adjusting priority
Comment 2 Alexandros Toptsoglou 2020-04-30 15:08:51 UTC
Fixed in Leap 15.1, closing.