The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
FFmpeg 0.10.3
FFmpeg 0.10
FFmpeg 0.9.1
FFmpeg 0.9
FFmpeg 0.8.11
FFmpeg 0.8.10
FFmpeg 0.8.8
FFmpeg 0.8.7
FFmpeg 0.8.6
FFmpeg 0.8.5.4
FFmpeg 0.8.5.3
FFmpeg 0.8.5
FFmpeg 0.8.2
FFmpeg 0.8.1
FFmpeg 0.8.0
FFmpeg 0.7.12
FFmpeg 0.7.11
FFmpeg 0.7.9
FFmpeg 0.7.8
FFmpeg 0.7.7
FFmpeg 0.7.6
FFmpeg 0.7.5
FFmpeg 0.7.4
FFmpeg 0.7.3
FFmpeg 0.7.2
FFmpeg 0.7.1
FFmpeg 0.7
FFmpeg 0.6.3
FFmpeg 0.6.2
FFmpeg 0.6.1
FFmpeg 0.6
FFmpeg 0.5.4.6
FFmpeg 0.5.4.5
FFmpeg 0.5.4
FFmpeg 0.5.3
FFmpeg 0.5.2
FFmpeg 0.5.1
FFmpeg 0.5
FFmpeg 0.4.9 pre1
FFmpeg 0.4.9 (not an official CPE)
FFmpeg 0.4.8
FFmpeg 0.4.7
FFmpeg 0.4.6
FFmpeg 0.4.5
FFmpeg 0.4.4
FFmpeg 0.4.3
FFmpeg 0.4.2
FFmpeg 0.4.0
FFmpeg 0.3.4
FFmpeg 0.3.3
FFmpeg 0.3.2
FFmpeg 0.3.1
FFmpeg 0.3
FFmpeg 0.10.4
FFmpeg 0.11
FFmpeg 1.0
FFmpeg 1.1.1
FFmpeg 1.1.2
FFmpeg 1.1.3
Advisory | Patch | Confirmed | Link |
---|---|---|---|
USN-1790-1 | |||
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff... | |||