Re: [oCERT-2011-002] libavcodec insufficient boundary check
[Posted August 10, 2011 by corbet]
| From: | Dan Rosenberg <dan.j.rosenberg-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org> |
| To: | oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8-AT-public.gmane.org |
| Subject: | Re: [oCERT-2011-002] libavcodec insufficient boundary check |
| Date: | Wed, 10 Aug 2011 10:04:34 -0400 |
| Message-ID: | <CAOSRhRPihYYsJ-Jfch=Q0R+ed5XuAj8AT38j69gGdq4u_-9Hqw@mail.gmail.com> |
| Cc: | ocert-announce-pwPoLXtpye+Vt0bn4QsfYQ-AT-public.gmane.org |
On Wed, Aug 10, 2011 at 9:19 AM, Daniele Bianco <danbia-2R2EBYZCiwbYtjvyW6yDsg@public.gmane.org>
wrote:
>
> #2011-002 libavcodec insufficient boundary check
>
> Description:
>
> The libavcodec library, an open source video encoding/decoding library part
> of the FFmpeg and Libav projects, performs insufficient boundary check
> against a buffer index. The missing check can result in arbitrary read/write
> of data outside a destination buffer boundaries.
>
> The vulnerability affects the Chinese AVS video (CAVS) file format decoder,
> specially crafted CAVS files may lead to arbitrary code execution during
> decoding.
>

While you're at it, here are a couple more:

* Out-of-bounds read on lines 166-171 due to signedness error
* Out-of-bounds read on lines 224-240 due to signedness error

Line numbers based on upstream git:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavcodec...

Hint to distributions and software developers: if you're going to use
libavcodec (or libavformat, etc.) for your project, consider
restricting the default build to include only *commonly* used codecs
and demuxers. The code quality of many of the more obscure formats is
questionable at best.

Regards,
Dan
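
An added illustration of the bug class named in the message above (an out-of-bounds read caused by a signedness error): a signed index tested only against its upper bound, beside the corrected check. This is not code from the original post or from libavcodec; the function names, table and inputs are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: only the upper bound is tested. Any negative signed
 * index satisfies idx < size, so it is accepted. */
static int index_ok_weak(int idx, int size)
{
    return idx < size;
}

/* Corrected pattern: both bounds are tested on the signed value. */
static int index_ok_strict(int idx, int size)
{
    return idx >= 0 && idx < size;
}

/* Hardened read. base is the decoder's own position (assumed already in
 * range); delta is a signed offset taken from untrusted input.
 * Returns 0 and stores the entry on success, -1 if out of bounds. */
static int read_entry(const uint8_t *tbl, int size, int base,
                      int8_t delta, uint8_t *out)
{
    int idx = base + delta;  /* int8_t promotes to int; may go negative */
    if (!index_ok_strict(idx, size))
        return -1;
    *out = tbl[idx];
    return 0;
}

int main(void)
{
    uint8_t tbl[64], v = 0;  /* constructed sample table */
    for (int i = 0; i < 64; i++)
        tbl[i] = (uint8_t)(i * 3);

    printf("weak check accepts idx -5:   %d\n", index_ok_weak(-5, 64));
    printf("strict check accepts idx -5: %d\n", index_ok_strict(-5, 64));
    printf("read base=2  delta=+3 -> %d\n", read_entry(tbl, 64, 2, 3, &v));
    printf("read base=2  delta=-7 -> %d\n", read_entry(tbl, 64, 2, -7, &v));
    printf("read base=60 delta=+9 -> %d\n", read_entry(tbl, 64, 60, 9, &v));
    return 0;
}
```

Compiling with `-Wsign-compare -Wconversion` flags many mixed signed/unsigned comparisons and narrowing conversions of this kind at build time.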