
Re: [oCERT-2011-002] libavcodec insufficient boundary check

From:  Dan Rosenberg <>
Subject:  Re: [oCERT-2011-002] libavcodec insufficient boundary check
Date:  Wed, 10 Aug 2011 10:04:34 -0400
Message-ID:  <>
Archive-link:  Article

On Wed, Aug 10, 2011 at 9:19 AM, Daniele Bianco <>
> #2011-002 libavcodec insufficient boundary check
> Description:
> The libavcodec library, an open source video encoding/decoding library part
> of the FFmpeg and Libav projects, performs an insufficient boundary check
> against a buffer index. The missing check can result in arbitrary read/write
> of data outside a destination buffer's boundaries.
> The vulnerability affects the Chinese AVS video (CAVS) file format decoder;
> specially crafted CAVS files may lead to arbitrary code execution during
> decoding.

While you're at it, here are a couple more:

* Out-of-bounds read on lines 166-171 due to signedness error
* Out-of-bounds read on lines 224-240 due to signedness error

Line numbers based on upstream git:;a=blob;f=libavcodec...

Hint to distributions and software developers: if you're going to use
libavcodec (or libavformat, etc.) for your project, consider
restricting the default build to include only *commonly* used codecs
and demuxers.  The code quality of many of the more obscure formats is
questionable at best.
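
The bug class named in the message above (an out-of-bounds read caused by a signedness error), as an added example that is not part of the original post and is not libavcodec code: a signed index taken from untrusted input is checked only against the upper bound. The table, the guard bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define GUARD     8   /* constructed: unrelated bytes stored before the table */
#define TABLE_LEN 4

/* One flat buffer, so every access below stays inside a single object:
   mem[0..7] stands in for neighbouring data, mem[8..11] is the table. */
static const uint8_t mem[GUARD + TABLE_LEN] = {
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
    10, 11, 12, 13
};
static const uint8_t *const table = mem + GUARD;

/* Untrusted input: a 4-bit two's-complement field, range -8..7. */
static int stream_index(uint8_t raw) {
    int v = raw & 0x0F;
    return v >= 8 ? v - 16 : v;
}

/* Flawed: only the upper bound is checked, so a negative index passes
   and the read lands in the bytes in front of the table. */
int lookup_flawed(uint8_t raw) {
    int idx = stream_index(raw);
    if (idx >= TABLE_LEN) return -1;
    return table[idx];
}

/* Hardened: reject both ends of the range before indexing. */
int lookup_checked(uint8_t raw) {
    int idx = stream_index(raw);
    if (idx < 0 || idx >= TABLE_LEN) return -1;
    return table[idx];
}

/* Equivalent fix: compare as unsigned, so negatives become huge values. */
int lookup_unsigned(uint8_t raw) {
    unsigned idx = (unsigned)stream_index(raw);
    if (idx >= TABLE_LEN) return -1;
    return table[idx];
}

int main(void) {
    const uint8_t samples[] = { 0x02, 0x05, 0x0F, 0x08 };  /* 2, 5, -1, -8 */
    for (size_t i = 0; i < sizeof samples; i++)
        printf("raw=0x%02X flawed=%d checked=%d unsigned=%d\n", samples[i],
               lookup_flawed(samples[i]), lookup_checked(samples[i]),
               lookup_unsigned(samples[i]));
    return 0;
}
```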

