FFmpeg Multiple Vulnerabilities

Last Update Date: 19 Feb 2014 11:24 Release Date: 19 Feb 2014 3180 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

  1. An error within the "ff_init_buffer_info()" function (libavcodec/utils.c) can be exploited to cause an out-of-bounds memory access.
  2. A boundary error within the "read_var_block_data()" function (libavcodec/alsdec.c) can be exploited to cause an out-of-bounds write memory access.
  3. Some errors within the HEVC video decoder can be exploited to cause out-of-bounds memory accesses.

Impact

  • Denial of Service

System / Technologies affected

  • FFmpeg 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Fixed in the git repository.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Symantec Endpoint Protection Manager Remote Code Execution Vulnerability

19 Feb 2014 3420 Views

Next

Microsoft Internet Explorer Use-After-Free Vulnerability

17 Feb 2014 3735 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY