FFmpeg Multiple Vulnerabilities

Last Update Date: 26 Sep 2013 16:38 Release Date: 26 Sep 2013 3789 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

  1. Some errors within the "ff_vc1_decode_init_alloc_tables()" function (libavcodec/vc1dec.c) can be exploited to exhaust available memory.
  2. An integer overflow error within the "decode_frame()" function (libavcodec/wnv1.c) can be exploited to cause a heap-based buffer overflow.
  3. A boundary error within the "ea_read_packet()" function (libavformat/electronicarts.c) can be exploited to trigger an out-of-bounds memory read access and subsequently cause a crash.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FFmpeg 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Fixed in the git repository.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Cisco IOS Multiple Vulnerabilities

26 Sep 2013 4139 Views

Next

ProFTPD SFTP Integer Overflow vulnerability

30 Sep 2013 3937 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY