Divide-by-zero in FFmpeg

#VU13984 Divide-by-zero in FFmpeg

Cybersecurity Help s.r.o.

Published: 2018-07-23

Vulnerability identifier: #VU13984

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14394

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FFmpeg
Universal components / Libraries / Libraries used by multiple products

Vendor: ffmpeg.sourceforge.net

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition.

The vulnerability exists due to boundary error when the ff_mov_write_packet() function, as defined in the libavformat/movenc.c source code file of the affected software, is used. A remote attacker can trick the victim into opening a specially crafted WAV file that submits malicious input, trigger a divide-by-zero error and cause the service to crash.

Mitigation
Update to version 4.0.2.

Vulnerable software versions

FFmpeg: 0.3 - cvs

External links
http://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in FFmpeg

Divide-by-zero in ffmpeg (Alpine package)