From: Dan Rosenberg <dan.j.rosenberg-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
Subject: Re: [oCERT-2011-002] libavcodec insufficient boundary check
Date: Wed, 10 Aug 2011 10:04:34 -0400

On Wed, Aug 10, 2011 at 9:19 AM, Daniele Bianco <danbia-2R2EBYZCiwbYtjvyW6yDsg@public.gmane.org> wrote:
>
> #2011-002 libavcodec insufficient boundary check
>
> Description:
>
> The libavcodec library, an open source video encoding/decoding library part
> of the FFmpeg and Libav projects, performs insufficient boundary check
> against a buffer index. The missing check can result in arbitrary read/write
> of data outside a destination buffer boundaries.
>
> The vulnerability affects the Chinese AVS video (CAVS) file format decoder,
> specially crafted CAVS files may lead to arbitrary code execution during
> decoding.
>

While you're at it, here are a couple more:

* Out-of-bounds read on lines 166-171 due to signedness error
* Out-of-bounds read on lines 224-240 due to signedness error

Line numbers based on upstream git:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavcodec...

Hint to distributions and software developers: if you're going to use
libavcodec (or libavformat, etc.) for your project, consider restricting
the default build to include only *commonly* used codecs and demuxers.
The code quality of many of the more obscure formats is questionable at
best.

Regards,
Dan
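
The bug class named in the message above (an out-of-bounds read caused by a signedness error), shown as an added example that is not part of the original post and is not FFmpeg code. The table, the one-byte index field and all function names are hypothetical, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = {3, 5, 8, 13, 21, 34, 55, 89};

/* Hypothetical index field: one input byte interpreted as signed. */
static int read_index(const uint8_t *buf, size_t len, size_t pos, int *idx)
{
    if (pos >= len)
        return -1;               /* truncated input */
    *idx = (int8_t)buf[pos];     /* 0x80..0xff become -128..-1 */
    return 0;
}

/* Flawed check: only the upper bound is tested, so a negative index passes.
 * It reports the decision only and never touches the table. */
static int flawed_check_accepts(int idx) { return idx < TABLE_LEN; }

/* Corrected check: a negative int converts to a very large unsigned value,
 * so one unsigned comparison rejects both negative and too-large indexes. */
static int index_in_bounds(int idx)
{
    return (unsigned)idx < (unsigned)TABLE_LEN;
}

/* Safe lookup: returns 0 and stores the entry, or -1 on any bad input. */
static int lookup(const uint8_t *buf, size_t len, size_t pos, uint8_t *out)
{
    int idx;
    if (read_index(buf, len, pos, &idx) < 0 || !index_in_bounds(idx))
        return -1;
    *out = table[idx];
    return 0;
}

int main(void)
{
    const uint8_t sample[] = {0x02, 0xff, 0x08};   /* constructed input */
    for (size_t i = 0; i < sizeof sample; i++) {
        int idx = 0;
        uint8_t v = 0;
        read_index(sample, sizeof sample, i, &idx);
        printf("idx=%d flawed=%d safe=%d\n", idx, flawed_check_accepts(idx),
               lookup(sample, sizeof sample, i, &v));
    }
    return 0;
}
```
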
Copyright © 2011, Eklektix, Inc.