Message-ID: <A962A2D04FAB5C4499FEFD15B642FA0A35DFE3C1@EX02.corp.qihoo.net>
Date: Fri, 3 Nov 2017 11:17:03 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it
 parsing an craft mp4 file.

Affected package: ffmpeg
Affected versions: <= 3.3.4

FFmpeg could read out of bounds of a buffer when parsing a crafted mp4 file.

When ffmpeg calculates “bytestream_end” in ff_init_range_encoder() of libavcodec/rangecoder.c,
it uses a small “buf_size”. But when this structure is used in read_header() of libavcodec/ffv1dec.c,
a “trailer” bigger than “buf_size” is subtracted from it to read “size” through AV_RB24().
So it reads memory in front of “bytestream” and gets an erroneous “size”.

The issue was fixed with the following commit:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904

Regards

Reported by Zhibin Hu and Yihan Lian from Qihoo 360 GearTeam
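
The following is an added example, not part of the original message and not FFmpeg source or the fix commit. It models the pattern described above (an end pointer derived from "buf_size", then a larger "trailer" subtracted before a 24-bit big-endian read) and shows a bounds check that rejects that case; the names rb24, trailer_offset and read_trailer_size and the sample buffer are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the pattern in the advisory; not FFmpeg source. */

/* Big-endian 24-bit read, the operation AV_RB24() performs. */
static uint32_t rb24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Offset, relative to the buffer start, at which "end - trailer" lands.
 * A negative result means the read would start in front of the buffer. */
static long trailer_offset(size_t buf_size, size_t trailer)
{
    return (long)buf_size - (long)trailer;
}

/* Checked read: returns 0 and stores the size field, or -1 when the
 * trailer does not fit in the buffer or leaves no room for 3 bytes. */
static int read_trailer_size(const uint8_t *buf, size_t buf_size,
                             size_t trailer, uint32_t *size_out)
{
    if (trailer < 3 || trailer > buf_size)
        return -1;
    *size_out = rb24(buf + buf_size - trailer);
    return 0;
}

int main(void)
{
    /* Constructed sample: 8-byte buffer whose last 3 bytes encode 0x000102. */
    const uint8_t buf[8] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x00, 0x01, 0x02 };
    const size_t trailers[] = { 3, 11, 2 };  /* fits, too big, too small */

    for (size_t i = 0; i < sizeof trailers / sizeof trailers[0]; i++) {
        uint32_t size = 0;
        int rc = read_trailer_size(buf, sizeof buf, trailers[i], &size);
        printf("trailer=%zu offset=%ld rc=%d size=0x%06x\n", trailers[i],
               trailer_offset(sizeof buf, trailers[i]), rc, (unsigned)size);
    }
    return 0;
}
```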
