Vigil@nce: FFmpeg, memory corruption via VMD
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious VMD document, and invite the
victim to display it with an application linked to FFmpeg, in
order to stop it or to execute code on his computer.
– Severity: 2/4
– Creation date: 30/11/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The FFmpeg suite contains several libraries to process multimedia
data.
The VMD (Sierra Video and Music Data) format starts by a header
indicating the size of frames.
However, the vmd_decode() function of FFmpeg accepts to copy data
outside the memory area associated to these frames.
An attacker can therefore create a malicious VMD document, and
invite the victim to display it with an application linked to
FFmpeg, in order to stop it or to execute code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FFmpeg-memory-corruption-via-VMD-11183