Vulnerability identifier: #VU32008
Vulnerability risk: Medium
CVSSv3.1: 6 [AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FFmpeg
Universal components / Libraries /
Libraries used by multiple products
Vendor: ffmpeg.sourceforge.net
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. A attacker to read heap memory. This attack appear can be exploitable.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
FFmpeg: 0.29
External links
http://www.securityfocus.com/bid/104896
http://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.