
FFmpeg Multiple Vulnerabilities

Last Update Date: 10 Apr 2012 14:15

Release Date: 10 Apr 2012

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to compromise an application using the library.

  1. A format string error exists within the "srt_to_ass()" function (libavcodec/srtdec.c) when parsing certain parameters.
  2. An integer overflow error exists within the "dirac_unpack_block_motion_data()" function (libavcodec/diracdec.c) when handling certain motion data.
  3. An integer overflow error exists within the "sws_init_context()" function (libswscale/utils.c) when decoding certain scale data.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • FFmpeg versions prior to 0.10.1.

Solutions

  • Update to version 0.10.1 or later.
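One way to check hosts against the fixed release named above, as an added example that is not part of the original advisory. It compares only the version string in the first line of `ffmpeg -version` output; the function names and sample banners are constructed for illustration, and vendor packages that backport fixes without changing the version are not detected.

```shell
#!/bin/sh
# Classify an FFmpeg version banner against the advisory's fixed release.
FIXED="0.10.1"   # from the advisory: versions prior to 0.10.1 are affected

# Print the dotted numeric version from a banner line such as
# "ffmpeg version 0.10.1 Copyright ..." or "FFmpeg version 0.6.1, Copyright ...".
# Prints nothing for snapshot builds (e.g. "N-38123-g1234abc").
extract_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[Ff][Ff]mpeg version \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if dotted version $1 is numerically lower than $2.
# Missing components count as 0, so 0.10 < 0.10.1 and 0.9.1 < 0.10.1.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "vulnerable", "fixed" or "unknown" for one banner line.
classify_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown      # snapshot or unparseable banner: review the build by hand
    elif version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample banners. On a real host, pass
# "$(ffmpeg -version 2>/dev/null | head -n 1)" instead.
for banner in \
    "FFmpeg version 0.6.1, Copyright (c) 2000-2010 the FFmpeg developers" \
    "ffmpeg version 0.10 Copyright (c) 2000-2012 the FFmpeg developers" \
    "ffmpeg version 0.10.1 Copyright (c) 2000-2012 the FFmpeg developers" \
    "ffmpeg version N-38123-g1234abc Copyright (c) 2000-2012 the FFmpeg developers"
do
    printf '%-12s %s\n' "$(classify_banner "$banner")" "$banner"
done
```

Applications that bundle their own copy of the FFmpeg libraries do not show up in the output of the system `ffmpeg` binary and need to be checked separately.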

Vulnerability Identifier

  • No CVE information is available
