FFmpeg Multiple Vulnerabilities

IRCAD2013102912
 
ID: IRCAD2013102912
Release Date: 2013-09-25
Criticality level: Highly critical
 
Software:
FFmpeg 2.x
 
Description:
Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
1) Some errors within the "ff_vc1_decode_init_alloc_tables()" function (libavcodec/vc1dec.c) can be exploited to exhaust available memory.
2) An integer overflow error within the "decode_frame()" function (libavcodec/wnv1.c) can be exploited to cause a heap-based buffer overflow.
3) A boundary error within the "ea_read_packet()" function (libavformat/electronicarts.c) can be exploited to trigger an out-of-bounds memory read access and subsequently cause a crash.
 
Solution:
Fixed in the git repository.
 
References:
 
Secunia:
 

Creation date: 13 Mehr 1392
