FFmpeg Multiple Vulnerabilities

Last Update Date: 11 Mar 2014 10:30 Release Date: 11 Mar 2014 3711 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

  1. An error in the "tak_decode_frame()" function (libavcodec/takdec.c) can be exploited to cause an out-of-bounds memory access.
  2. Some errors related to certain decoding structure (libavcodec/wmalosslessdec.c) can be exploited to cause memory corruptions.
  3. An error in the "msrle_decode_frame()" function (libavcodec/msrle.c) can be exploited to cause an out-of-bounds memory access.

Successful exploitation of vulnerability #2 may allow execution of arbitrary code.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FFmpeg 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.1.9 or 1.2.6.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Wireshark Multiple Vulnerabilities

11 Mar 2014 3648 Views

Next

eClass SQL injection vulnerability

11 Mar 2014 4199 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY