CLD-253 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-6392 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) ffmpeg
Deficiency Type SECURITY
Date Created 2018-01-29 17:17:27
Date Last Modified 2018-04-23 14:01:25

Version Specific Information:

Cucumber 1.0 i686 fixed in ffmpeg-3.3.7-i686-1
Cucumber 1.0 x86_64 fixed in ffmpeg-3.3.7-x86_64-1 and ffmpeg-lib_i686-3.3.7-lib_i686-1

Cucumber 1.1 i686 fixed in ffmpeg-3.3.7-i686-1
Cucumber 1.1 x86_64 fixed in ffmpeg-3.3.7-x86_64-1 and ffmpeg-lib_i686-3.3.7-lib_i686-1

Details:

=================================== Overview ===================================

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1
allows remote attackers to cause a denial of service (out-of-array access) via
a crafted MP4 file.

================================ Initial Report ================================

None

================================= Our Analysis =================================

----- Affected Products -----
This vulnerability affects all versions of ffmpeg that have not had BOTH of the
following patches applied:
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3f621455d62e46745453568d915badd5b1e5bcd5?hp=932037c6bb6b41a24e75b031426844a2e6472a74
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/c6939f65a116b1ffed345d29d8621ee4ffb32235?hp=23ffeb91fe46f6f95348731396ccfdb7fbff0337
This includes ffmpeg 3.3.6 (the version used in Cucumber Linux 1.0 and 1.1).
Therefore, ffmpeg as originally packaged in Cucumber Linux 1.0 and 1.1 is
vulnerable to this issue. Unfortunately, the aforementioned patches are written for
ffmpeg 3.4, not 3.3, and they are not backportable, so we will have to wait for
the upstream developers to publish a proper patch for 3.3.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying BOTH of the following patches:
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3f621455d62e46745453568d915badd5b1e5bcd5?hp=932037c6bb6b41a24e75b031426844a2e6472a74
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/c6939f65a116b1ffed345d29d8621ee4ffb32235?hp=23ffeb91fe46f6f95348731396ccfdb7fbff0337

================================= Our Solution =================================

We are waiting for the upstream developers to publish a patch.