Multiple vulnerabilities in FFmpeg
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-6881 CVE-2016-6920 |
| CWE-ID | CWE-399 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FFmpeg Universal components / Libraries / Libraries used by multiple products |
| Vendor | ffmpeg.sourceforge.net |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU32153
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6881
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
MitigationInstall update from vendor's website.
Vulnerable software versionsFFmpeg: 3.1.0 - 3.1.2
CPE2.3- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.2:*:*:*:*:*:*:*
https://www.openwall.com/lists/oss-security/2016/09/26/6
https://www.securityfocus.com/bid/93163
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU110564
Risk: Medium
CVSSv4.0: N/A
CVE-ID: CVE-2016-6920
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3. A remote attacker can use vectors involving tile positions. to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsFFmpeg: 3.1 - 3.1.2
CPE2.3- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg_sourceforge_net:ffmpeg:3.1.2:*:*:*:*:*:*:*
https://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137
https://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html
https://www.securityfocus.com/archive/1/539368/100/0/threaded
https://www.securityfocus.com/bid/92664
https://www.securityfocus.com/bid/92790
https://www.ffmpeg.org/security.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
