FFmpeg Multiple Vulnerabilities

Last Update Date: 11 Mar 2014 10:30

Release Date: 11 Mar 2014

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

  1. An error in the "tak_decode_frame()" function (libavcodec/takdec.c) can be exploited to cause an out-of-bounds memory access.
  2. Some errors related to certain decoding structures (libavcodec/wmalosslessdec.c) can be exploited to cause memory corruption.
  3. An error in the "msrle_decode_frame()" function (libavcodec/msrle.c) can be exploited to cause an out-of-bounds memory access.

Successful exploitation of vulnerability #2 may allow execution of arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FFmpeg 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 1.1.9 or 1.2.6.
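
The version check implied by the affected-version and solution entries above, as an added example (not part of the original advisory or of FFmpeg): it classifies the banner printed by `ffmpeg -version` against the fixed releases 1.1.9 and 1.2.6. The function names, status strings and sample inventory are constructed for illustration.

```python
import re

# Fixed releases named in the advisory: branch (major, minor) -> first fixed patch level.
FIXED = {(1, 1): 9, (1, 2): 6}

_VERSION_RE = re.compile(r"(?:ffmpeg\s+version\s+)?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(banner):
    """Return (major, minor, patch) from the first line of `ffmpeg -version`
    output or from a bare version string; None for git snapshot builds
    (banner like "N-61041-g52a2138") or anything unparseable."""
    lines = banner.strip().splitlines()
    m = _VERSION_RE.match(lines[0]) if lines else None
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(banner):
    """Map a version banner to a status relative to this advisory."""
    version = parse_version(banner)
    if version is None:
        return "unknown"                 # cannot decide from the version string alone
    major, minor, patch = version
    if major != 1:
        return "not-listed"              # the advisory only lists FFmpeg 1.x
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "affected-no-fix-listed"  # 1.x branch with no fixed release on this page
    return "fixed" if patch >= fixed_patch else "affected"

# Constructed sample inventory (host -> banner); not real data.
SAMPLE_INVENTORY = {
    "transcode-01": "ffmpeg version 1.2.5 Copyright (c) 2000-2014 the FFmpeg developers",
    "transcode-02": "ffmpeg version 1.1.9",
    "media-api": "ffmpeg version 1.0.8",
    "build-box": "ffmpeg version N-61041-g52a2138",
    "desktop-07": "ffmpeg version 2.1.4",
}

def audit(inventory):
    """Return {host: status} for every banner in the inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```

A distribution package may carry backported fixes without a version bump, so confirm an "affected" result against the vendor's package changelog.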

Vulnerability Identifier


Source


Related Link