‫ FFmpeg Two Vulnerabilities

IRCAD2013032574
ID: IRCAD2013032574
Release Date: 2013-03-13
Criticality level: Highly critical
Software:
FFmpeg 1.x
Description:
Two vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
1) An error within the "msrle_decode_8_16_24_32()" function (libavcodec/msrledec.c) when decoding Microsoft RLE encoded data can be exploited to cause an out of array access violation.
2) An integer overflow error within the "iff_read_header()" function (libavformat/iff.c) when parsing CMAP chunks can be exploited to cause a heap-based buffer overflow via a specially crafted header.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
The vulnerabilities are reported in versions 1.1.3 and prior.
Solution
Fixed in the GIT repository.
References:
Secunia
http://secunia.com/advisories/52594/

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 25 اسفند 1391

امتیاز

امتیاز شما
تعداد امتیازها:0