Closed
Bug 1446365
(CVE-2018-5147)
Opened 7 years ago
Closed 7 years ago
Out of bounds write in libtremor
Categories
(Core :: Audio/Video, enhancement)
Core
Audio/Video
Tracking
()
People
(Reporter: dveditz, Assigned: TD-Linux)
References
Details
(Keywords: csectype-bounds, sec-critical, Whiteboard: [Pwn2Own 2018])
+++ This bug was initially created as a clone of Bug #1446062 +++
Huzaifa Sidhpurwala reported that libtremors has the same problem as the original bug 1446062 in libvorbis (See bug 1446062 comment 26). This was patched as a continuation of that bug. CVE rules seem to require a separate CVE for the separate implementation (products could have one and not be affected by the other) so I'm creating this as a placeholder.
The patch is attachment 8959436 [details] [diff] [review]
|
Reporter | |
Comment 1•7 years ago
|
||
| uplift | ||
https://hg.mozilla.org/mozilla-central/rev/d3ce388dd3c0d3c7be7df26d5d4de3a0e40c57f3
https://hg.mozilla.org/releases/mozilla-beta/rev/0ae512558ada8254d73fc982c581ffe481c11b20
https://hg.mozilla.org/releases/mozilla-release/rev/edcc878881482a30db0710c167f090819fa6c0f0
https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48424a9031a3fa4c782954a9df9a52
Alias: CVE-2018-5147
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox59:
--- → fixed
status-firefox60:
--- → fixed
status-firefox61:
--- → fixed
status-firefox-esr52:
--- → fixed
tracking-firefox59:
--- → blocking
tracking-firefox60:
--- → +
tracking-firefox61:
--- → +
tracking-firefox-esr52:
--- → 59+
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Assignee: nobody → tdaede
Target Milestone: --- → mozilla61
Summary: Out of bounds write in libtremors → Out of bounds write in libtremor
|
|
Reporter | |
Updated•6 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•