oss-sec mailing list archives
[CVE-2016-6881] ffmpeg endless loop when dealing with craft swf file.
From: 连一汉 <lianyihan () 360 cn>
Date: Mon, 26 Sep 2016 06:42:38 +0000
I'm Lian, a security researcher from Qihoo 360. I found a vulnerability in ffmpeg that could cause ffmpeg to get into an endless loop!
================== target system ======================
ffmpeg version 3.1.2 Copyright (c)
ffmpeg -i poc.swf -b:v 640k -y output.ts
================== target web site ======================
https://ffmpeg.org/
========================= key codes ======================
swfdec.c: line 121
zlib_refill()
{
retry:
    ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT), and the other variables are never changed.
    if (buf_size - z->avail_out == 0)
        goto retry;
Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications that use that library.

Use CVE-2016-6881.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
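Added example, not part of the original post and not FFmpeg's code or its fix: a pre-screening check that flags a compressed SWF whose zlib header sets the FDICT bit, the condition under which inflate() returns Z_NEED_DICT when no preset dictionary is supplied. The helper name and return codes are hypothetical; it assumes the zlib stream starts at offset 8, right after the "CWS" signature, version byte and 4-byte length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum swf_check {
    SWF_OK = 0,          /* plain zlib header, nothing to flag */
    SWF_NOT_CWS,         /* not a zlib-compressed SWF; check does not apply */
    SWF_TRUNCATED,       /* too short to hold the SWF and zlib headers */
    SWF_BAD_ZLIB_HEADER, /* fails the RFC 1950 CM/CINFO/FCHECK rules */
    SWF_NEEDS_DICT       /* FDICT set: inflate() would return Z_NEED_DICT */
};

/* Hypothetical helper: inspects only the first 10 bytes of a file. */
enum swf_check swf_zlib_precheck(const uint8_t *buf, size_t len)
{
    if (len < 3 || memcmp(buf, "CWS", 3) != 0)
        return SWF_NOT_CWS;
    if (len < 10)                 /* 8-byte SWF header + CMF + FLG */
        return SWF_TRUNCATED;
    uint8_t cmf = buf[8], flg = buf[9];
    /* CM must be 8 (deflate), CINFO <= 7, and CMF*256+FLG a multiple of 31 */
    if ((cmf & 0x0f) != 8 || (cmf >> 4) > 7 || ((cmf << 8) | flg) % 31 != 0)
        return SWF_BAD_ZLIB_HEADER;
    if (flg & 0x20)               /* FDICT: stream expects a preset dictionary */
        return SWF_NEEDS_DICT;
    return SWF_OK;
}

int main(void)
{
    /* Constructed 10-byte prefixes, not taken from any real file. */
    const uint8_t plain[10] = {'C','W','S',10, 0,0,0,0, 0x78,0x9c};
    const uint8_t fdict[10] = {'C','W','S',10, 0,0,0,0, 0x78,0x20};
    printf("plain: %d\n", swf_zlib_precheck(plain, sizeof plain));
    printf("fdict: %d\n", swf_zlib_precheck(fdict, sizeof fdict));
    return 0;
}
```

A file flagged SWF_NEEDS_DICT can be rejected before it reaches an unpatched decoder; the check is a screen for this one condition and does not replace updating libavformat.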