SB2017110906 - Denial of service in FFmpeg

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Double free error (CVE-ID: CVE-2017-15186)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to double free error when processing malicious input. A remote attacker can send a specially crafted AVI file, trick the victim into opening it and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Out-of-bounds read (CVE-ID: CVE-2017-15672)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read in the read_header function in libavcodec/ffv1dec.c. A remote attacker can send a specially crafted MP4 file, trick the victim into opening it and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Out-of-bounds read (CVE-ID: CVE-2017-16840)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the VC-2 Video Compression encoder due to incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. A remote attacker can trigger out-of-bounds read and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
• http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
• http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74