Highly critical

FFmpeg Multiple Vulnerabilities

Release Date:  2013-07-08    Last Update:  2013-07-09

Secunia Advisory SA54044

Where: From remote

Impact: DoS, System access

Solution Status: Vendor Workaround

Software:

CVE Reference(s): No CVE references.

Description


Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

1) An error within the "decode_subframe()" function (libavcodec/wmaprodec.c) can be exploited to cause a buffer overflow.

2) An error within the "save_bits()" function (libavcodec/wmaprodec.c) when saving packets can be exploited to cause a buffer overflow.

3) An error within the "ff_mjpeg_decode_frame()" function (libavcodec/mjpegdec.c) can be exploited to cause a buffer overflow.

4) A NULL pointer dereference error exists within the "ivi_process_empty_tile()" function (libavcodec/ivi_common.c) and can be exploited to cause a crash.

5) An error within the "decode_band()" function (libavcodec/ivi_common.c) when handling tile data can be exploited to corrupt memory.

6) A NULL pointer dereference error exists within the "jpeg2000_decode_tile()" function (libavcodec/jpeg2000dec.c) and can be exploited to cause a crash.

7) An out-of-bounds read error exists within the "jpeg2000_read_main_headers()" function (libavcodec/jpeg2000dec.c) when handling SOD markers and can be exploited to cause a crash.

8) An out-of-bounds read error exists within the "ff_jpeg2000_init_component()" function (libavcodec/jpeg2000.c) and can be exploited to cause a crash.

9) An out-of-bounds read error exists within the "get_cod()" function (libavcodec/jpeg2000dec.c) and can be exploited to cause a crash.

10) An out-of-bounds read error within the "get_coc()" function (libavcodec/jpeg2000dec.c) can be exploited to cause a crash.

11) An out-of-bounds read error within the "get_qcc()" function (libavcodec/jpeg2000dec.c) can be exploited to cause a crash.

12) An out-of-bounds read error within the "jpeg2000_read_main_headers()" function (libavcodec/jpeg2000dec.c) can be exploited to cause a crash.

13) A double-free error within the "wsvqa_read_header()" function (libavformat/westwood_vqa.c) when handling extradata can be exploited to execute arbitrary code.

14) An error within the "vqa_decode_init()" function (libavcodec/vqavideo.c) can be exploited to cause a buffer overflow.

15) A NULL pointer dereference error within the "get_attachment()" function (libavformat/wtv.c) can be exploited to cause a crash.

16) An out-of-bounds read error within the "xchg_mb_border()" function (libavcodec/h264.c) can be exploited to cause a crash.

17) An off-by-one error within the "modified_levinson_durbin()" function (libavcodec/sonic.c) can be exploited to trigger an out-of-bounds write.


Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
1 - 16) The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.
17) Reported by the vendor.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=38229362529ed1619d8ebcc81ecde85b23b45895
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e30b068ef79f604ff439418da07f7e2efd01d4ea
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6765ee7b9cba46818a45b051438b2552f0a1b70a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b36e1893ef3430f039c1eaddeedcbb378f9c4444
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7388c0c58601477db076e2e74e8b11f8a644384a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=95a57d26d8653d21f0dab1aff3558ee944853dbf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b564784a207b1395d2b5a41e580539df04651096
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=78962d3df49afe5011b572656ecfe940bd5fbf2e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cf04af2086be105ff86088357b83d672d38417d9
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eae63e3c156f784ee0612422f0c95131ea913c14
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fd54dd028bc9f7bfb80ebf823a533dc84b73f936
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=76f5dfbfd902178df4a38221a68dc8540189345a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c4abc9098cacb227dba39bac6aea16b2bceba0d0
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f5e646a00ac21e500dae4bcceded790a0fbc5246
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f27b22b4974c740f4c7b4140a793cac196179266
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ddefb80c95d88e88aeb7bc938d58c0389bb83b78
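
Since the fix exists only as commits in the GIT repository, the check below reads the commit links from a saved copy of this advisory and reports which of them a local FFmpeg clone contains. It is an added example, not part of the original advisory or of FFmpeg; the function names, the script name and the file arguments are assumptions.

```shell
#!/bin/sh
# Added example: verify that a local FFmpeg clone contains the fix commits
# linked from an advisory. Function names and arguments are hypothetical.

# Read advisory text on stdin and print the unique commit ids found in
# gitweb links of the form "...;a=commit;h=<40 hex digits>".
extract_commits() {
    grep -oE 'a=commit;h=[0-9a-f]{40}' | sed 's/.*h=//' | sort -u
}

# check_fixes REPO [REF]
# Read commit ids on stdin and classify each against REF (default HEAD):
#   FIXED    commit is an ancestor of REF
#   MISSING  commit is known to the clone but not reachable from REF
#   UNKNOWN  commit object is not in this clone (fetch upstream first)
# Returns 1 if any commit is MISSING or UNKNOWN, otherwise 0.
check_fixes() {
    repo=$1
    ref=${2:-HEAD}
    missing=0
    while read -r c; do
        if ! git -C "$repo" cat-file -e "${c}^{commit}" 2>/dev/null; then
            echo "UNKNOWN $c"
            missing=1
        elif git -C "$repo" merge-base --is-ancestor "$c" "$ref"; then
            echo "FIXED   $c"
        else
            echo "MISSING $c"
            missing=1
        fi
    done
    return $missing
}

# Usage: sh check_ffmpeg_fixes.sh advisory.txt /path/to/ffmpeg-clone
if [ "$#" -eq 2 ]; then
    extract_commits < "$1" | check_fixes "$2"
fi
```

A release branch that received these fixes as cherry-picks carries them under different commit ids, so MISSING on such a branch means the branch log needs to be reviewed, not that the build is unpatched.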
