FFmpeg Multiple Vulnerabilities

Last Update Date: 31 Jan 2012 11:45 Release Date: 31 Jan 2012 5771 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

  1. A boundary error within the DV decoder can be exploited to cause an out-of-bounds read via specially crafted media files.
  2. An NULL-pointer dereference error within the DV decoder can be exploited to cause a crash via specially crafted media files.
  3. A double-free error within the "vp3_update_thread_context()" function (libavcodec/vp3.c) can be exploited via specially crafted media files.
  4. An error within the "codec_get_buffer()" function (ffmpeg.c) can be exploited via specially crafted media files.
  5. An error within the "ff_h263_decode_frame()" function (libavformat/nsvdec.c) can be exploited via specially crafted media files.
  6. A boundary error within the "nsv_read_chunk()" function (libavformat/nsvdec.c) can be exploited to cause an out-of-bounds write via specially crafted media files.
  7. An error within the "decode_mb()" function (libavcodec/error_resilience.c) can be exploited to cause an out-of-bounds write via specially crafted media files.
  8. An error within the "smacker_decode_header_tree()" function (libavcodec/smacker.c) can be exploited via specially crafted media files.
  9. An error within the "decode_frame()" function (libavcodec/kgv1dec.c) can be exploited via specially crafted media files.
  10. An error within the H264 decoder can be exploited to cause an infinite loop via specially crafted media files.
  11. An error within the "read_offs()" function (libavcodec/mjpegbdec.c) can be exploited via specially crafted media files.
  12. An error within the "dirac_unpack_idwt_params()" function (libavcodec/diracdec.c) can be exploited via specially crafted media files.
  13. An error within the "dirac_decode_data_unit()" function (libavcodec/diracdec.c) can be exploited via specially crafted media files.
  14. An error within the "dpcm_decode_frame()" function (libavcodec/dpcm.c) can be exploited via specially crafted media files.
  15. An error within the "decode_init()" function (libavcodec/kmvc.c) can be exploited via specially crafted media files.
  16. An error within the "rv20_decode_picture_header()" function (libavcodec/rv10.c) can be exploited to cause a crash via specially crafted Matroska files.
  17. A NULL-pointer dereference error within the "decode_mb_info()" function (libavcodec/indeo5.c) can be exploited to cause a crash via specially crafted media files.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • FFmpeg 0.9.x and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 0.10.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Symantec pcAnywhere / IT Management Suite Multiple Vulnerabilities

26 Jan 2012 5326 Views

Next

Cisco IronPort Appliances telnetd Buffer Overflow Vulnerability

31 Jan 2012 5514 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY