Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <A962A2D04FAB5C4499FEFD15B642FA0A012003B7@EX02.corp.qihoo.net>
Date: Mon, 26 Sep 2016 06:42:38 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2016-6881] ffmpeg endless loop when dealing with craft swf
 file.



I'm Lian ,a security researcher from Qihoo 360 .



I found a vulnerability of ffmpeg . And this could cause ffmpeg get into endless loop !

>

> ================== target system ======================

>

> ffmpeg version 3.1.2 Copyright (c)

>

> Ffmpeg -i poc.swf -b:v 640k -y output.ts

>

> ================== target web site ======================

>

> https://ffmpeg.org/

>

> ========================= key codes ======================

>

> swfdec.c: line 121

>

> zlib_refill()

> {



> retry:



> ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT) , and other variates will not been changed.



> if (buf_size - z->avail_out == 0)

>  goto retry;





Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications that use that library.



Use CVE-2016-6881.



--

CVE Assignment Team

M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at

  http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.