"-Synchronized-Data."

2025-06-19 17:32:41 +00:00 · 2021-01-04 20:01:45 +00:00 · 2021-01-04 20:01:45 +00:00 · 747e9ec550
commit 747e9ec550
parent 764ae609ee
5 changed files with 34 additions and 4 deletions
--- a/2017/14xxx/CVE-2017-14169.json
+++ b/2017/14xxx/CVE-2017-14169.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large \"item_num\" field such as 0xffffffff, is provided. As a result, the variable \"item_num\" turns negative, bypassing the check for a large value."
+                "value": "In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large \"item_num\" field such as 0xffffffff, is provided. As a result, the variable \"item_num\" turns negative, bypassing the check for a large value."
            }
        ]
    },
@ -71,6 +71,11 @@
                "name": "DSA-3996",
                "refsource": "DEBIAN",
                "url": "http://www.debian.org/security/2017/dsa-3996"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8f",
+                "url": "https://github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8f"
            }
        ]
    }
--- a/2019/9xxx/CVE-2019-9721.json
+++ b/2019/9xxx/CVE-2019-9721.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
+                "value": "A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
            }
        ]
    },
@ -66,6 +66,11 @@
                "refsource": "UBUNTU",
                "name": "USN-3967-1",
                "url": "https://usn.ubuntu.com/3967-1/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774",
+                "url": "https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774"
            }
        ]
    }
--- a/2020/13xxx/CVE-2020-13765.json
+++ b/2020/13xxx/CVE-2020-13765.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation."
+                "value": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation."
            }
        ]
    },
@ -81,6 +81,11 @@
                "refsource": "UBUNTU",
                "name": "USN-4467-1",
                "url": "https://usn.ubuntu.com/4467-1/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676",
+                "url": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676"
            }
        ]
    }
--- a/2020/13xxx/CVE-2020-13904.json
+++ b/2020/13xxx/CVE-2020-13904.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c."
+                "value": "FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c."
            }
        ]
    },
@ -81,6 +81,11 @@
                "refsource": "GENTOO",
                "name": "GLSA-202007-58",
                "url": "https://security.gentoo.org/glsa/202007-58"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2",
+                "url": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2"
            }
        ]
    }
--- a/2020/8xxx/CVE-2020-8908.json
+++ b/2020/8xxx/CVE-2020-8908.json
@ -101,6 +101,16 @@
                "refsource": "MLIST",
                "name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
                "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
+                "url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
+                "url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E"
            }
        ]
    },