oss-sec mailing list archives

[CVE-2016-6881] ffmpeg endless loop when dealing with craft swf file.


From: 连一汉 <lianyihan () 360 cn>
Date: Mon, 26 Sep 2016 06:42:38 +0000



I'm Lian, a security researcher from Qihoo 360.



I found a vulnerability in ffmpeg, and this could cause ffmpeg to get into an endless loop!



================== target system ======================



ffmpeg version 3.1.2 Copyright (c)



ffmpeg -i poc.swf -b:v 640k -y output.ts



================== target web site ======================



https://ffmpeg.org/



========================= key codes ======================



swfdec.c: line 121

zlib_refill()
{
retry:
    ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT), and the other variables will not be changed.

    if (buf_size - z->avail_out == 0)
        goto retry;





Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications 
that use that library.



Use CVE-2016-6881.



--

CVE Assignment Team

M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at

  http://cve.mitre.org/cve/request_id.html ]
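
An added example, not part of the original message and not ffmpeg's code: a C model of the retry loop quoted above, using a scripted stand-in for inflate() so that it builds without zlib. The names fake_inflate, refill, ERR_* and MAX_SPINS are hypothetical; check_ret = 0 mirrors the quoted loop control, and check_ret = 1 ends the call on any result other than Z_OK.

```c
#include <stddef.h>
#include <stdio.h>

/* Same numeric values as zlib.h, redefined so this builds without zlib. */
enum { Z_OK = 0, Z_STREAM_END = 1, Z_NEED_DICT = 2 };
/* Hypothetical result codes and a demonstration spin cap for this example. */
enum { ERR_EOF = -1, ERR_INVALID = -2, ERR_SPUN = -3, MAX_SPINS = 1000 };

/* Constructed stand-in for z_stream + inflate(): replays scripted results. */
struct step { int ret, produced; };
struct fake_stream { const struct step *script; size_t len, pos; int avail_out; };

static int fake_inflate(struct fake_stream *z)
{
    const struct step *s = &z->script[z->pos];
    if (z->pos + 1 < z->len)
        z->pos++;                 /* the last step repeats: a stuck stream */
    z->avail_out -= s->produced;
    return s->ret;
}

/* check_ret == 0: only the output count is examined, as in the quoted loop.
 * check_ret == 1: the decoder's return code is examined before any retry. */
static int refill(struct fake_stream *z, int buf_size, int check_ret)
{
    int ret, spins = 0;
retry:
    z->avail_out = buf_size;
    ret = fake_inflate(z);
    if (check_ret && ret == Z_STREAM_END)
        return ERR_EOF;
    if (check_ret && ret != Z_OK) /* Z_NEED_DICT is 2: "ret < 0" alone misses it */
        return ERR_INVALID;
    if (buf_size - z->avail_out == 0) {
        if (++spins >= MAX_SPINS)
            return ERR_SPUN;      /* demo cap; the quoted loop has none */
        goto retry;
    }
    return buf_size - z->avail_out;
}

int main(void)
{
    const struct step stuck[] = { { Z_NEED_DICT, 0 } };   /* constructed input */
    struct fake_stream a = { stuck, 1, 0, 0 }, b = a;
    printf("as reported: %d, checked: %d\n",
           refill(&a, 16, 0), refill(&b, 16, 1));
    return 0;
}
```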

