Closed
Bug 1182718
Opened 9 years ago
Closed 9 years ago
OpenH264: ASan heap-buffer-overflow READ in WelsDec::GetAvilInfoFromCorrectMb
Categories
(Core :: Audio/Video: GMP, defect)
Core
Audio/Video: GMP
Tracking
()
RESOLVED
FIXED
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-bounds, sec-high, testcase)
Attachments
(3 files, 1 obsolete file)
Reporter | ||
Comment 1•9 years ago
|
||
tested openh264 branch v1.4-Firefox38, the bug is also in this branch.
This bug has been fixed in the latest version of openh264 master branch.
Reporter | ||
Comment 4•9 years ago
|
||
Fixed: Verified with https://github.com/cisco/openh264/commit/f30ad4e512e84a1376f5223f9a450c075e0b0df9
Updated•9 years ago
|
Group: core-security → media-core-security
Reporter | ||
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Group: media-core-security → core-security-release
Reporter | ||
Comment 5•9 years ago
|
||
I came across this bug again while fuzzing https://github.com/cisco/openh264/commit/f9f2bbf805ebb82d0cc46dd79aade2dfb264f046
Group: core-security-release → media-core-security
Severity: normal → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Comment 6•9 years ago
|
||
Attachment #8632374 -
Attachment is obsolete: true
Reporter | ||
Comment 7•9 years ago
|
||
We have fixed this bug in the master branch commit b37cda2 and openh264v1.5 branch commit d6b1680, please help to verify it.
Reporter | ||
Comment 9•9 years ago
|
||
Verified with commit b37cda2482.
Comment 10•9 years ago
|
||
Thanks, I'm marking it as resolved now.
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Group: media-core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
Assignee | ||
Updated•2 years ago
|
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•