OpenH264: ASan global-buffer-overflow in WelsDec::CavlcGetTrailingOnesAndTotalCoeff

RESOLVED FIXED

Status

External Software Affecting Firefox
OpenH264
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: tsmith, Unassigned)

Tracking

(Blocks: 2 bugs, {csectype-bounds, sec-critical, testcase})

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

3 years ago
Created attachment 8634494 [details]
call_stack.txt
(Reporter)

Updated

3 years ago
Assignee: infra → nobody
Group: mozilla-employee-confidential → core-security
Component: Infrastructure: OpenVPN → OpenH264
Product: Infrastructure & Operations → Plugins
QA Contact: jdow
Version: other → unspecified
(Reporter)

Comment 1

3 years ago
Created attachment 8634496 [details]
test_case.264

Updated

3 years ago
Depends on: 1170319

Comment 2

3 years ago
This bug has been fixed in the latest version of openh264 master branch.
(Reporter)

Comment 3

3 years ago
Created attachment 8636641 [details]
call_stack_f30ad4e.txt

This issue is still reproducible with https://github.com/cisco/openh264/commit/f30ad4e512e84a1376f5223f9a450c075e0b0df9
Attachment #8634494 - Attachment is obsolete: true
Keywords: sec-critical

Comment 4

3 years ago
This doesn't affect the v1.4-Firefox38 branch.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED

Updated

3 years ago
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.