Vigil@nce: FFmpeg, several buffer overflows
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger several overflows in FFmpeg in order to
cause a denial of service or to execute code on the victim’s computer.
Gravity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 16/01/2009
IMPACTED PRODUCTS
– Mandriva Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The libavcodec library of FFmpeg implements video/audio
encoders/decoders. The libavformat library implements a parser.
They contain several vulnerabilities.
An attacker can trigger two overflows in the pts_buffer array of
libavformat. [grav:2/4; CVE-2008-4866]
The DCA_MAX_FRAME_SIZE variable of libavcodec is one byte too
short. [grav:2/4; CVE-2008-4867]
An attacker can therefore create a malicious file to execute code
or cause a denial of service on the computer of a victim who agrees
to open it with a program linked to libavcodec/libavformat.
CHARACTERISTICS
Identifiers: BID-33308, CVE-2008-4866, CVE-2008-4867,
MDVSA-2009:013, MDVSA-2009:014, MDVSA-2009:015, VIGILANCE-VUL-8398
http://vigilance.fr/vulnerability/FFmpeg-several-buffer-overflows-8398