FFmpeg is prone to a heap-based buffer overflow vulnerability.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
FFmpeg 2.8.x prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 are vulnerable.
Information
Vulnerable:
FFmpeg 3.2.2
FFmpeg 3.2
FFmpeg 3.1.7
FFmpeg 3.1.6
FFmpeg 3.1.2
FFmpeg 3.1.1
FFmpeg 3.1
FFmpeg 3.0.7
FFmpeg 3.0.5
FFmpeg 3.0
FFmpeg 2.8.11
FFmpeg 2.8.10
FFmpeg 2.8.5
FFmpeg 2.8.4
FFmpeg 2.8.3
FFmpeg 2.8.2
FFmpeg 2.8.1
FFmpeg 2.8
FFmpeg 3.3.0
FFmpeg 3.1.4
FFmpeg 3.1.3
FFmpeg 3.0.4
FFmpeg 3.0.3
FFmpeg 2.8.9
FFmpeg 2.8.8
FFmpeg 2.8.6
Not vulnerable:
FFmpeg 3.2.5
FFmpeg 3.1.8
FFmpeg 3.0.8
FFmpeg 2.8.12
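The affected ranges stated above, turned into an inventory check over `ffmpeg -version` banners. This is an added example, not part of the original advisory; the sample banners are constructed, and the `check-backport` status rests on the assumption that a distribution package may carry the fix under an older upstream version number.

```python
import re

# First fixed patch level per release branch, from the advisory's affected ranges.
FIRST_FIXED = {(2, 8): 12, (3, 0): 8, (3, 1): 8, (3, 2): 5, (3, 3): 1}

# First line of `ffmpeg -version`, e.g. "ffmpeg version 3.2.2 Copyright ...".
# The optional "n" covers builds from release tags (n3.2.2); the last group
# captures a packaging suffix such as "-0ubuntu0.16.04.1".
BANNER = re.compile(r"^ff\w+ version n?(\d+)\.(\d+)(?:\.(\d+))?(\S*)", re.M)


def classify(banner: str) -> str:
    """Map a banner to vulnerable / fixed / check-backport / unlisted / unknown."""
    m = BANNER.search(banner)
    if m is None:
        return "unknown"          # e.g. git snapshots (N-86111-g...), no release number
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)  # "3.3" is 3.3.0
    first_fixed = FIRST_FIXED.get(branch)
    if first_fixed is None:
        return "unlisted"         # branch is outside the ranges the advisory names
    if patch >= first_fixed:
        return "fixed"
    # Assumption: a packaging suffix means a distribution build, which may carry
    # the fix as a backport without changing the upstream version number.
    return "check-backport" if m.group(4) else "vulnerable"


# Constructed sample inventory (host -> banner); not taken from the advisory.
SAMPLES = {
    "transcode-1": "ffmpeg version 3.2.2 Copyright (c) 2000-2016 the FFmpeg developers",
    "transcode-2": "ffmpeg version 3.2.5 Copyright (c) 2000-2017 the FFmpeg developers",
    "thumbs-1": "ffmpeg version 2.8.11-0ubuntu0.16.04.1 Copyright (c) 2000-2017",
    "build-box": "ffmpeg version N-86111-ga441aa90e8 Copyright (c) 2000-2017",
    "probe-1": "ffprobe version n3.3 Copyright (c) 2007-2017 the FFmpeg developers",
}

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(f"{host:12} {classify(banner)}")
```

Hosts reported as `unknown` or `check-backport` need a manual look at the build source or the package changelog before they are cleared.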
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- FFmpeg Homepage (FFmpeg)
- avcodec/cdxl: Check format for BGR24 (FFmpeg)
- avcodec/cdxl: Check format parameter (FFmpeg)
- ffmpeg: Heap-buffer-overflow in chunky2chunky (chromium)