SB2021060330 - Multiple vulnerabilities in FFmpeg
Published: June 3, 2021 Updated: December 27, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper validation of array index (CVE-ID: CVE-2021-33815)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an out-of-bounds array access within the dwa_uncompress() function in libavcodec/exr.c. A remote attacker can trick the victim to open a specially crafted image, trigger memory corruption and execute arbitrary code on the system.
2) Unchecked return value (CVE-ID: CVE-2021-38171)
CWE-ID: CWE-252 - Unchecked Return Value
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unchecked return value within the adts_decode_extradata() function in libavformat/adtsenc.c. A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.
Remediation
Install update from vendor's website.
References
- https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
- https://security.gentoo.org/glsa/202312-14
- https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
- https://www.debian.org/security/2021/dsa-4990
- https://www.debian.org/security/2021/dsa-4998
- https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html
- https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19%40AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/