oss-sec mailing list archives

Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file.

From: Henri Salo <henri () nerv fi>
Date: Tue, 15 Aug 2017 22:31:01 +0300

On Mon, Aug 14, 2017 at 09:52:51AM +0000, 连一汉 wrote:

I found a vulnerability of ffmpeg-3.3.2.
FFmpeg could be crashed when it is parsing a crafted mov file.
ffmpeg -c:v dnxhd -i poc.mov -y output.ts
Use CVE-2017-9608.


Have you reported this issue to the upstream? Did you test this case against
latest development branch? https://www.ffmpeg.org/bugreports.html

-- 
Henri Salo

Current thread:

[CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. 连一汉 (Aug 14)
- Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. Henri Salo (Aug 15)