
Re: [oCERT-2011-002] libavcodec insufficient boundary check

From:  Dan Rosenberg <dan.j.rosenberg-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
To:  oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8-AT-public.gmane.org
Subject:  Re: [oCERT-2011-002] libavcodec insufficient boundary check
Date:  Wed, 10 Aug 2011 10:04:34 -0400
Message-ID:  <CAOSRhRPihYYsJ-Jfch=Q0R+ed5XuAj8AT38j69gGdq4u_-9Hqw@mail.gmail.com>
Cc:  ocert-announce-pwPoLXtpye+Vt0bn4QsfYQ-AT-public.gmane.org

On Wed, Aug 10, 2011 at 9:19 AM, Daniele Bianco <danbia-2R2EBYZCiwbYtjvyW6yDsg@public.gmane.org>
wrote:
>
> #2011-002 libavcodec insufficient boundary check
>
> Description:
>
> The libavcodec library, an open source video encoding/decoding library part
> of the FFmpeg and Libav projects, performs an insufficient boundary check
> against a buffer index. The missing check can result in arbitrary read/write
> of data outside a destination buffer's boundaries.
>
> The vulnerability affects the Chinese AVS video (CAVS) file format decoder;
> specially crafted CAVS files may lead to arbitrary code execution during
> decoding.
>

While you're at it, here are a couple more:

* Out-of-bounds read on lines 166-171 due to signedness error
* Out-of-bounds read on lines 224-240 due to signedness error

Line numbers based on upstream git:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavcodec...


Hint to distributions and software developers: if you're going to use
libavcodec (or libavformat, etc.) for your project, consider
restricting the default build to include only *commonly* used codecs
and demuxers.  The code quality of many of the more obscure formats is
questionable at best.

Regards,
Dan
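
The build restriction suggested in the hint above, sketched as an added example that is not part of the original message or of the FFmpeg/Libav projects' own material: an allowlist drives both the `./configure` arguments and an audit of what a built binary actually contains. The allowlist contents and the function names are assumptions, and the decoder listing is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed allowlists: replace with the formats your product actually needs.
ALLOWED_DECODERS="h264 aac mp3 vorbis"
ALLOWED_DEMUXERS="mov matroska ogg mp3"

# Build the ./configure arguments: switch every component off, then
# re-enable only the allowlisted decoders and demuxers. Parsers, protocols
# and filters need their own --enable-parser= / --enable-protocol= /
# --enable-filter= entries in the same style.
configure_args() {
    args="--disable-everything"
    for d in $ALLOWED_DECODERS; do args="$args --enable-decoder=$d"; done
    for m in $ALLOWED_DEMUXERS; do args="$args --enable-demuxer=$m"; done
    printf '%s\n' "$args"
}

# Audit: read `ffmpeg -decoders` output on stdin, print every decoder
# compiled into the binary that is not on the allowlist.
unexpected_decoders() {
    awk -v allow="$ALLOWED_DECODERS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        seen_sep && NF >= 2 && !($2 in ok) { print $2 }
        /^ *-+ *$/ { seen_sep = 1 }   # entries start after the ------ line
    '
}

# Constructed sample modelled on the `ffmpeg -decoders` listing format.
sample_decoders() {
    cat <<'EOF'
Decoders:
 V..... = Video
 A..... = Audio
 ------
 V....D h264                 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10
 A....D aac                  AAC (Advanced Audio Coding)
 V....D cavs                 Chinese AVS (Audio Video Standard)
EOF
}

echo "./configure $(configure_args)"
sample_decoders | unexpected_decoders   # prints: cavs
```

Against a real build, pipe `ffmpeg -hide_banner -decoders` into `unexpected_decoders`; any output means the package ships a decoder nobody asked for.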


