Hi,

2014-08-10 11:59 GMT+02:00 Christophe Gisquet <christophe.gisq...@gmail.com>:
> This fixes ticket #3839.

By the way, not completely sure, but that is probably exploitable (I
am not a security expert):
- indicate large cropping in the header; this will cause an overrun of
probably (max_ctb_size-1) lines (i.e. ~118KB for a 1920x??? sequence);
- the memcpy will then copy data past the buffer for the aforementioned overrun;
- if the stream uses icpm, you can put arbitrary data in the stream if
I'm not mistaken.

-- 
Christophe
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
