oss-sec mailing list archives
[CVE-2017-15672]: ffmpeg: read out of bounds of buffer when parsing a crafted mp4 file.
From: 连一汉 <lianyihan () 360 cn>
Date: Fri, 3 Nov 2017 11:17:03 +0000
Affected package: ffmpeg
Affected versions: <= 3.3.4

FFmpeg could read out of bounds of a buffer when parsing a crafted mp4 file. While ffmpeg is calculating “bytestream_end” in ff_init_range_encoder() of libavcodec/rangecoder.c, it uses a small “buf_size”. But when using this structure in read_header() of libavcodec/ffv1dec.c, it subtracts a “trailer” bigger than “buf_size” to read “size” through AV_RB24(). So it reads the memory in front of “bytestream” and gets an erroneous “size”.

The issue was fixed with the following commit:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904

Regards

Reported by Zhibin Hu and Yihan Lian from Qihoo 360 GearTeam
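
The pattern described in the advisory, as an added example that is not part of the original post and is not FFmpeg's code: a simplified C model in which a size field is read `trailer` bytes before the end of a buffer that is shorter than the trailer, next to a bounds-checked version. The function names, the 8-byte trailer length and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian 24-bit read, the operation the advisory refers to as AV_RB24(). */
static uint32_t rb24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Flawed pattern: steps back `trailer` bytes from the end of the buffer
 * without checking that the buffer is at least that long. */
static long size_unchecked(const uint8_t *start, size_t len, size_t trailer) {
    const uint8_t *end = start + len;
    return (long)rb24(end - trailer);
}

/* Hardened pattern: reject buffers shorter than the trailer, and reject a
 * size field larger than the bytes that precede the trailer. */
static long size_checked(const uint8_t *start, size_t len, size_t trailer) {
    if (trailer < 3 || len < trailer)
        return -1;
    uint32_t size = rb24(start + len - trailer);
    return size <= len - trailer ? (long)size : -1;
}

/* Constructed data: 8 unrelated bytes, then a 4-byte packet at offset 8.
 * Keeping both in one array makes the stray read well-defined C here. */
static const uint8_t arena[16] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,  /* unrelated memory */
    0x00, 0x00, 0x02, 0x00                           /* short packet */
};
/* Constructed well-formed packet: 2 payload bytes + 8-byte trailer, size = 2. */
static const uint8_t good[10] = { 0xDE, 0xAD, 0x00, 0x00, 0x02, 0, 0, 0, 0, 0 };

#define TRAILER 8  /* assumed trailer length for this model */

long short_unchecked(void) { return size_unchecked(arena + 8, 4, TRAILER); }
long short_checked(void)   { return size_checked(arena + 8, 4, TRAILER); }
long good_checked(void)    { return size_checked(good, sizeof good, TRAILER); }

int main(void) {
    printf("unchecked, short packet: 0x%lx\n", (unsigned long)short_unchecked());
    printf("checked,   short packet: %ld\n", short_checked());
    printf("checked,   valid packet: %ld\n", good_checked());
    return 0;
}
```

With the 4-byte packet, the unchecked function returns a "size" assembled from the unrelated bytes that precede the packet, while the checked function rejects the packet before any read takes place.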