FFmpeg Multiple Vulnerabilities
Last Update Date:
11 Mar 2014 10:30
Release Date:
11 Mar 2014
3867
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
- An error in the "tak_decode_frame()" function (libavcodec/takdec.c) can be exploited to cause an out-of-bounds memory access.
- Some errors related to certain decoding structure (libavcodec/wmalosslessdec.c) can be exploited to cause memory corruptions.
- An error in the "msrle_decode_frame()" function (libavcodec/msrle.c) can be exploited to cause an out-of-bounds memory access.
Successful exploitation of vulnerability #2 may allow execution of arbitrary code.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- FFmpeg 1.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 1.1.9 or 1.2.6.
Vulnerability Identifier
Source
Related Link
Share with