FFmpeg Multiple Vulnerabilities
Last Update Date:
17 Jul 2013 12:57
Release Date:
17 Jul 2013
3336
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in FFmpeg, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service).
- A NULL pointer dereference error within the "decode_mb_info()" function (libavcodec/indeo4.c) can be exploited to cause a crash.
- An out-of-bounds read error within the "decode_band_hdr()" function (libavcodec/indeo4.c) can be exploited to cause a crash.
- Another out-of-bounds read error within the "decode_band_hdr()" function (libavcodec/indeo4.c) can be exploited to cause a crash.
- Some errors exist when applying certain transform.
Impact
- Denial of Service
System / Technologies affected
- FFmpeg 2.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Fixed in the GIT repository.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dc79685195a45c9b8b17d7b93d118e0aefa45462
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cd78e934c246d1b2510f8fba0abfe40bb75795f6
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6255ccf7d51c82ab79bf0cd47a921f572dda4489
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8435bca087c0e79385763c51de009fd89390b6a5
- http://secunia.com/advisories/54164/
Share with