Date: Thu, 8 Dec 2016 02:28:11 +0000
From: 连一汉 <lianyihan@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2016-8595] ffmpeg crashes with an assert

Hi, I’m LianYihan, a security researcher in Qihoo 360 Gear Team.

=========================== target version ==========================

FFmpeg 3.1.4

=========================== test command =========================

ffmpeg -c:a dvaudio -i input.avi -y output.mp4

============================= crash info ===========================

Assertion 0 failed at libavcodec/gsm_parser.c:59

Program received signal SIGABRT, Aborted.
0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.4.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
#1  0x00007ffff70f7ce8 in abort () from /lib64/libc.so.6
#2  0x00000000008ce5cf in gsm_parse (s1=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0) at libavcodec/gsm_parser.c:59
#3  0x0000000000c0bb3a in av_parser_parse2 (s=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0, pts=0x8000000000000000, dts=0x8000000000000000, pos=0xffffffffffffffff) at libavcodec/parser.c:182
#4  0x000000000077c8ae in parse_packet (s=0x2117310, pkt=0x7fffffffd6a0, stream_index=0x1) at libavformat/utils.c:1358
#5  0x000000000077ce23 in read_frame_internal (s=0x2117310, pkt=0x7fffffffdb40) at libavformat/utils.c:1468
#6  0x0000000000783dda in avformat_find_stream_info (ic=0x2117310, options=0x2117cb0) at libavformat/utils.c:3479
#7  0x000000000040e3b0 in open_input_file (o=0x7fffffffde50, filename=0x7fffffffe70d "input.avi") at ffmpeg_opt.c:1002
#8  0x0000000000416ca7 in open_files (l=0x2117028, inout=0x133e537 "input", open_file=0x40dabb <open_input_file>) at ffmpeg_opt.c:3036
#9  0x0000000000416e03 in ffmpeg_parse_options (argc=0x7, argv=0x7fffffffe438) at ffmpeg_opt.c:3073
#10 0x000000000042a640 in main (argc=0x7, argv=0x7fffffffe438) at ffmpeg.c:4335
#11 0x00007ffff70e2b15 in __libc_start_main () from /lib64/libc.so.6
#12 0x00000000004045d9 in _start ()

(gdb) l libavcodec/gsm_parser.c:59
54                  s->block_size = avctx->block_align ? avctx->block_align
55                                                     : GSM_MS_BLOCK_SIZE;
56                  s->duration   = GSM_FRAME_SIZE * 2;
57                  break;
58              default:
59                  av_assert0(0);
60              }
61          }

-----Original Message-----
From: cve-request@...re.org [mailto:cve-request@...re.org]
Sent: October 11, 2016 22:52
To: 连一汉
Cc: cve-request@...re.org
Subject: Re: [scr247746] assert result in DOS

> [VulnerabilityType Other]
> assert result in DOS
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> ffmpeg - 3.1.4

Use CVE-2016-8595.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
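
The gdb listing above ends in `default: av_assert0(0);`, so a codec id the parser does not expect aborts the whole process. As an added example (not code from the original post or from FFmpeg), the sketch below models that pattern beside a variant that returns an error, with a fork-based check a regression test can use to detect the abort. The enum, struct, function names, error code, `GSM_BLOCK_SIZE`, the constant values and the first `case` body are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical stand-ins for this example; not FFmpeg's own definitions. */
enum codec_id { CODEC_GSM, CODEC_GSM_MS, CODEC_DVAUDIO };
#define GSM_BLOCK_SIZE    33   /* assumed values for the example */
#define GSM_MS_BLOCK_SIZE 65
#define GSM_FRAME_SIZE    160
#define ERR_INVALID_CODEC (-1)
struct parse_ctx { int block_size; int duration; };

/* Pattern from the listing: an unexpected codec id reaches an unconditional abort. */
int init_asserting(struct parse_ctx *s, enum codec_id id, int block_align)
{
    switch (id) {
    case CODEC_GSM:
        s->block_size = GSM_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE;
        break;
    case CODEC_GSM_MS:
        s->block_size = block_align ? block_align : GSM_MS_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE * 2;
        break;
    default:
        abort();   /* the backtrace shows the failed assert ending in abort() */
    }
    return 0;
}

/* Hardened: state that input can influence is checked and rejected with an error. */
int init_checked(struct parse_ctx *s, enum codec_id id, int block_align)
{
    if (id != CODEC_GSM && id != CODEC_GSM_MS)
        return ERR_INVALID_CODEC;
    return init_asserting(s, id, block_align);
}

/* Regression helper: run fn in a child process, return 1 if it died from SIGABRT. */
int aborts(int (*fn)(struct parse_ctx *, enum codec_id, int), enum codec_id id)
{
    struct parse_ctx s = {0, 0};
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn(&s, id, 0) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}
```

Running the check in a child process lets a test suite record the abort as a failing case instead of being terminated by it.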
