Less critical

FFmpeg Multiple Vulnerabilities

Release Date: 2014-01-10

Secunia Advisory SA56352

Where:
From remote

Impact:
Exposure of sensitive information, DoS

Solution Status:
Vendor Workaround

Software:

CVE Reference(s):
No CVE references.

Description


Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to potentially disclose sensitive information and cause a DoS (Denial of Service) in an application using the library.

1) A use-after-free error in the "hevc_decode_free()" function (libavcodec/hevc.c) can be exploited to dereference already freed memory.

2) An error within the "parse_MP4SLDescrTag()" function (libavformat/mpegts.c) can be exploited to trigger an assertion failure.

3) An error within the "rm_read_audio_stream_info()" function (libavformat/rmdec.c) can be exploited to cause a memory leak.

4) An error within the "ape_read_packet()" function (libavformat/ape.c) can be exploited to cause a memory leak.

5) An error within the "decode_array_0000()" function (libavcodec/apedec.c) can be exploited to trigger an assertion failure.

6) Some errors when decoding H.264-encoded files can be exploited to dereference already freed memory.

7) A division by zero error in the "ogm_header()" function (libavformat/oggparseogm.c) can be exploited to cause a crash.

8) Two errors within the "ff_MPV_frame_start()" function (libavcodec/mpegvideo.c) can be exploited to trigger deadlocks.

9) An error within the "ff_hevc_decode_nal_sps()" function (libavcodec/hevc_ps.c) can be exploited to cause a NULL pointer dereference.

10) Some errors within Sega Film format (CPK) demuxer (libavformat/segafilm.c) can be exploited to cause memory leaks.

11) Some errors when decoding H.264 monochrome-coded files can be exploited to cause out-of-bounds memory accesses.

12) An integer underflow error within the "avpriv_adx_decode_header()" function (libavcodec/adx.c) can be exploited to cause a crash.

13) An error within the "decode_nal_units()" function (libavcodec/h264.c) can be exploited to cause an out-of-bounds memory access.

14) An error within the "frame_worker_thread()" function (libavcodec/pthread_frame.c) can be exploited to cause a memory leak.

15) An error during SPS parsing of an H.264-encoded file can be exploited to cause an out-of-bounds memory read via mismatched luma/chroma bit depths.

16) An error within the "execute_decode_slices()" function (libavcodec/h264.c) can be exploited to cause an out-of-bounds memory read.


Solution:
Fixed in the source code repository.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=21a2fb7e0579703fdea96f659498ef8b1f243289
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e630ca5111077fa8adc972fe8a3d7e2b3e8dc91f
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=165f96cd2d687122748f862a0bc6e9908fe3d5d2
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=459db51271807ba26162db7b67ac1ff444cc0fa9
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d5128fce38646d3f64c55feda42084888ba0e87e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9a026c72982faf20e1c8dfbe48f0b312cdea69c8
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75647dea6f7db79b409bad66a119f5c73da730f3
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=feded990e3ef9af4a0b827d5b6d8fe86f0b94942
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d66bab0a69ac1860e78dd951ad8db1a507e75642
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6892d145a0c80249bd61ee7dd31ec851c5076bcd
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a03a642d5ceb5f2f7c6ebbf56ff365dfbcdb65eb
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5569146d48f06564e8fa393424782cceed510916
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=58312b2472d3a44d7458865c459d59ef2e02bf1a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9cbf2d78f0a9c19129e7a70b2281a450d386c6d9
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bfd26b7ce6efea594f2b99441d900419df3af638
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf
