Divide-by-zero in FFmpeg

#VU13983 Divide-by-zero in FFmpeg

Published: 2018-07-23

Vulnerability identifier: #VU13983

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14395

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FFmpeg
Universal components / Libraries / Libraries used by multiple products

Vendor: ffmpeg.sourceforge.net

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition.

The vulnerability exists due to boundary error when the mov_write_audio_tag() function, as defined in the libavformat/movenc.c source code file of the affected software, is used. A remote attacker can trick the victim into opening a specially crafted audio file that submits malicious input, trigger a divide-by-zero error and cause the service to crash.

Mitigation
Update to version 4.0.2.

Vulnerable software versions

FFmpeg: 0.3 - cvs

External links
http://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Debian update for ffmpeg

Denial of service in FFmpeg

Divide-by-zero in ffmpeg (Alpine package)