Skip to main content

FFmpeg Multiple Vulnerabilities

Last Update Date: 15 Oct 2013 16:19 Release Date: 15 Oct 2013 3847 Views

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

  1. Some errors within libavcodec/vmnc.c can be exploited to cause out of bounds read memory accesses.
  2. Some integer overflow errors within the "decode_frame()" function (libavcodec/vmnc.c) can be exploited to cause heap-based buffer overflows.

Successful exploitation of vulnerability #2 may allow execution of arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FFmpeg 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Fixed in the git repository

Vulnerability Identifier

  • No CVE information is available

Source


Related Link