Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 8 Dec 2016 02:28:11 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2016-8595] ffmpeg crashes with an assert

Hi , Im LianYihan ,a security researcher in Qihoo 360 Gear Team.

=========================== target version ==========================

Ffmpeg 3.1.4

=========================== test command =========================

ffmpeg -c:a dvaudio -i input.avi -y output.mp4

============================= crash info ===========================

Assertion 0 failed at libavcodec/gsm_parser.c:59

Program received signal SIGABRT, Aborted.
0x00007ffff70f65f7 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.4.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
#1  0x00007ffff70f7ce8 in abort () from /lib64/libc.so.6
#2  0x00000000008ce5cf in gsm_parse (s1=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0) at libavcodec/gsm_parser.c:59
#3  0x0000000000c0bb3a in av_parser_parse2 (s=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0, pts=0x8000000000000000, dts=0x8000000000000000, pos=0xffffffffffffffff) at libavcodec/parser.c:182
#4  0x000000000077c8ae in parse_packet (s=0x2117310, pkt=0x7fffffffd6a0, stream_index=0x1) at libavformat/utils.c:1358
#5  0x000000000077ce23 in read_frame_internal (s=0x2117310, pkt=0x7fffffffdb40) at libavformat/utils.c:1468
#6  0x0000000000783dda in avformat_find_stream_info (ic=0x2117310, options=0x2117cb0) at libavformat/utils.c:3479
#7  0x000000000040e3b0 in open_input_file (o=0x7fffffffde50, filename=0x7fffffffe70d "input.avi") at ffmpeg_opt.c:1002
#8  0x0000000000416ca7 in open_files (l=0x2117028, inout=0x133e537 "input", open_file=0x40dabb <open_input_file>) at ffmpeg_opt.c:3036
#9  0x0000000000416e03 in ffmpeg_parse_options (argc=0x7, argv=0x7fffffffe438) at ffmpeg_opt.c:3073
#10 0x000000000042a640 in main (argc=0x7, argv=0x7fffffffe438) at ffmpeg.c:4335
#11 0x00007ffff70e2b15 in __libc_start_main () from /lib64/libc.so.6
#12 0x00000000004045d9 in _start ()

(gdb) l libavcodec/gsm_parser.c:59
54                  s->block_size = avctx->block_align ? avctx->block_align
55                                                     : GSM_MS_BLOCK_SIZE;
56                  s->duration   = GSM_FRAME_SIZE * 2;
57                  break;
58              default:
59                  av_assert0(0);
60              }
61          }

-----ʼԭ-----
: cve-request@...re.org [mailto:cve-request@...re.org] 
ʱ: 20161011 22:52
ռ: һ
: cve-request@...re.org
: Re: [scr247746] assert result in DOS

> [VulnerabilityType Other]
> assert result in DOS
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> ffmpeg - 3.1.4

Use CVE-2016-8595.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ