[VIM] VLC vulnerability (no, not that one) and ffmpeg
Christey, Steven M.
coley at mitre.org
Wed Jul 10 11:43:54 CDT 2013
I've been looking into the VLC MKV issue and have been wondering about a DIFFERENT issue that's also being discussed, i.e. Secunia SA51464, which http://secunia.com/blog/372/ claims to be a use-after-free in FFmpeg, although SA51464 itself makes no mention of this. http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia also says "The crash is in libavformat/libavcodec libraries, from the FFmpeg/libav projects." Looks like libavformat/swfdec.c is patched, at least on the VLC side.
Has anybody dug more deeply? If this is really an upstream ffmpeg issue, has it already been published?
- Steve
More information about the VIM
mailing list