Date: Mon, 26 Sep 2016 06:42:38 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2016-6881] ffmpeg endless loop when dealing with craft swf
 file.



I'm Lian, a security researcher from Qihoo 360.

I found a vulnerability in ffmpeg. And this could cause ffmpeg to get into an endless loop!

> ================== target system ======================
>
> ffmpeg version 3.1.2 Copyright (c)
>
> ffmpeg -i poc.swf -b:v 640k -y output.ts
>
> ================== target web site ======================
>
> https://ffmpeg.org/
>
> ========================= key codes ======================
>

> swfdec.c: line 121
>
> zlib_refill()
> {
> retry:
>     ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT), and other variables will not be changed.
>
>     if (buf_size - z->avail_out == 0)
>         goto retry;





Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications that use that library.



Use CVE-2016-6881.



--

CVE Assignment Team

M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at

  http://cve.mitre.org/cve/request_id.html ]
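
Added example, not part of the original messages and not FFmpeg's code: a self-contained C model of the retry loop quoted in the report, next to a variant that checks the return code before retrying. The names `fake_stream`, `fake_inflate`, `refill_as_quoted`, `refill_checked` and `run` are hypothetical, and the stream is a constructed stand-in so that no zlib is needed; only the return-code values are those of zlib.h.

```c
#include <stdio.h>

enum { Z_OK = 0, Z_STREAM_END = 1, Z_NEED_DICT = 2 }; /* values as in zlib.h */
/* Constructed stand-in for z_stream/inflate(): returns Z_OK with no output
   `stalls` times, then yields `produce` bytes and `ret` on every later call. */
struct fake_stream { int ret; unsigned produce, stalls, avail_out; };
static int fake_inflate(struct fake_stream *z)
{
    if (z->stalls) { z->stalls--; return Z_OK; } /* legitimate "need more input" */
    z->avail_out -= z->produce;
    return z->ret;
}

/* Loop shape quoted in the post. max_spins only ends the demo: -2 = still spinning. */
static long refill_as_quoted(struct fake_stream *z, unsigned buf_size, long max_spins)
{
    z->avail_out = buf_size;
retry:
    (void)fake_inflate(z);              /* return code is never examined */
    if (buf_size - z->avail_out == 0) {
        if (--max_spins <= 0) return -2;
        goto retry;
    }
    return (long)(buf_size - z->avail_out);
}

/* Checked variant: only Z_OK is retried; Z_NEED_DICT (positive) and errors stop. */
static long refill_checked(struct fake_stream *z, unsigned buf_size)
{
    z->avail_out = buf_size;
    for (;;) {
        int ret = fake_inflate(z);
        if (buf_size - z->avail_out) return (long)(buf_size - z->avail_out);
        if (ret == Z_STREAM_END) return 0;  /* clean end of stream */
        if (ret != Z_OK) return -1;         /* Z_NEED_DICT or an error code */
    }
}

/* Run one constructed stream through either loop with a 4096-byte buffer. */
long run(int ret, unsigned produce, unsigned stalls, int checked)
{
    struct fake_stream z = { ret, produce, stalls, 0 };
    return checked ? refill_checked(&z, 4096) : refill_as_quoted(&z, 4096, 1000);
}

int main(void)
{
    printf("%ld %ld %ld\n", run(Z_NEED_DICT, 0, 0, 0), run(Z_NEED_DICT, 0, 0, 1), run(Z_OK, 100, 3, 1));
    return 0;
}
```

Because Z_NEED_DICT is a positive value, a check that only rejects negative return codes would not stop this loop either.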
