FFmpeg Processing Flaws Lets Remote Users Cause the Target Application or Service to Crash
|
SecurityTracker Alert ID: 1035010 |
SecurityTracker URL: http://securitytracker.com/id/1035010
|
CVE Reference:
CVE-2016-2326, CVE-2016-2327, CVE-2016-2328, CVE-2016-2329, CVE-2016-2330
(Links to External Site)
|
Date: Feb 12 2016
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Multiple vulnerabilities were reported in FFmpeg. A remote user can cause the target application to crash.
A remote user can create a '.mov' file containing a specially crafted presentation timestamp (PTS) value that, when loaded by the target user or application, will trigger an integer overflow in the asf_write_packet() function in 'libavformat/asfenc.c' and cause the application to crash [CVE-2016-2326].
A remote user can create a specially crafted '.avi' file that, when loaded by the target user or application, will trigger an out-of-bounds array access in performing row calculations and cause the application to crash [CVE-2016-2327].
A remote user can create a specially crafted '.cine' file that, when loaded by the target user or application, will trigger an out-of-bounds array access in processing height values and cause the application to crash [CVE-2016-2328].
A remote user can create a specially crafted TIFF file that, when loaded by the target user or application, will trigger an out-of-bounds array access in the processing of RowsPerStrip values and YCbCr chrominance subsampling factors and cause the application to crash [CVE-2016-2329].
A remote user can create a specially crafted '.tga' file that, when loaded by the target user or application, will trigger an out-of-bounds array access in the processing of buffer sizes and cause the application to crash [CVE-2016-2330].
|
Impact:
A remote user can cause the target application to crash.
|
Solution:
The vendor has issued a fix.
For CVE-2016-2326:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
For CVE-2016-2327:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
For CVE-2016-2328:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
For CVE-2016-2329:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
For CVE-2016-2330:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
|
Vendor URL: ffmpeg.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|