thr3ads.net - Secure testing team - [Secure-testing-team] Bug#610510: CVE-2010-4489: Integer Overflow in VP8 decoding leads to memory corruption [Jan 2011]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2011-Jan-19 10:11 UTC

[Secure-testing-team] Bug#610510: CVE-2010-4489: Integer Overflow in VP8 decoding leads to memory corruption

Package: libvpx
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libvpx.

CVE-2010-4489[0]:
| Google Chrome before 8.0.552.215 does not properly handle WebM video,
| which allows remote attackers to cause a denial of service
| (out-of-bounds read) via unspecified vectors.  NOTE: this vulnerability
| exists because of a regression.


Please ask upstream for an isolated patch for squeeze.
- From the chromium side, they fixed this isssue with the following commits:
http://src.chromium.org/viewvc/chrome?view=rev&revision=65287
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libvpx/source/libvpx/vp8/vp8_dx_iface.c?r1=65147&r2=65287&pathrev=65287
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libvpx/source/libvpx/vp8/decoder/decodframe.c?r1=65147&r2=65287&pathrev=65287


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4489
    http://security-tracker.debian.org/tracker/CVE-2010-4489

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk02uNoACgkQNxpp46476ao4YQCeIqJuuWg6L1VSQz1iebm49sUz
ddEAn33+fQlL4Ytg7XglpS7SlGd3Z50W
=WEhI
-----END PGP SIGNATURE-----

Secure testing team - Jan 2011 - Bug#610510: CVE-2010-4489: Integer Overflow in VP8 decoding leads to memory corruption

[Secure-testing-team] Bug#610510: CVE-2010-4489: Integer Overflow in VP8 decoding leads to memory corruption