oss-sec mailing list archives
[CVE-2016-8595] ffmpeg crashes with an assert
From: 连一汉 <lianyihan () 360 cn>
Date: Thu, 8 Dec 2016 02:28:11 +0000
Hi, I’m LianYihan, a security researcher in Qihoo 360 Gear Team.

=========================== target version ==========================
Ffmpeg 3.1.4

=========================== test command =========================
ffmpeg -c:a dvaudio -i input.avi -y output.mp4

============================= crash info ===========================
Assertion 0 failed at libavcodec/gsm_parser.c:59

Program received signal SIGABRT, Aborted.
0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.4.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
#1  0x00007ffff70f7ce8 in abort () from /lib64/libc.so.6
#2  0x00000000008ce5cf in gsm_parse (s1=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "", buf_size=0x0) at libavcodec/gsm_parser.c:59
#3  0x0000000000c0bb3a in av_parser_parse2 (s=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "", buf_size=0x0, pts=0x8000000000000000, dts=0x8000000000000000, pos=0xffffffffffffffff) at libavcodec/parser.c:182
#4  0x000000000077c8ae in parse_packet (s=0x2117310, pkt=0x7fffffffd6a0, stream_index=0x1) at libavformat/utils.c:1358
#5  0x000000000077ce23 in read_frame_internal (s=0x2117310, pkt=0x7fffffffdb40) at libavformat/utils.c:1468
#6  0x0000000000783dda in avformat_find_stream_info (ic=0x2117310, options=0x2117cb0) at libavformat/utils.c:3479
#7  0x000000000040e3b0 in open_input_file (o=0x7fffffffde50, filename=0x7fffffffe70d "input.avi") at ffmpeg_opt.c:1002
#8  0x0000000000416ca7 in open_files (l=0x2117028, inout=0x133e537 "input", open_file=0x40dabb <open_input_file>) at ffmpeg_opt.c:3036
#9  0x0000000000416e03 in ffmpeg_parse_options (argc=0x7, argv=0x7fffffffe438) at ffmpeg_opt.c:3073
#10 0x000000000042a640 in main (argc=0x7, argv=0x7fffffffe438) at ffmpeg.c:4335
#11 0x00007ffff70e2b15 in __libc_start_main () from /lib64/libc.so.6
#12 0x00000000004045d9 in _start ()
(gdb) l libavcodec/gsm_parser.c:59
54              s->block_size = avctx->block_align ? avctx->block_align
55                                                 : GSM_MS_BLOCK_SIZE;
56              s->duration   = GSM_FRAME_SIZE * 2;
57              break;
58          default:
59              av_assert0(0);
60          }
61      }

-----Original Message-----
From: cve-request () mitre org [mailto:cve-request () mitre org]
Sent: October 11, 2016 22:52
To: 连一汉
Cc: cve-request () mitre org
Subject: Re: [scr247746] assert result in DOS

[VulnerabilityType Other]
assert result in DOS

------------------------------------------

[Affected Product Code Base]
ffmpeg - 3.1.4

Use CVE-2016-8595.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
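
The failure mode in the report above, as an added sketch that is not part of the original post and is not FFmpeg's code: a parser init that aborts on a codec id it does not expect, beside a variant that returns an error to the caller instead. The enum, struct and function names and the constant values are assumptions made for this self-contained model.

```c
#include <assert.h>
#include <stdio.h>

/* Stand-ins for this sketch (assumed names/values), not FFmpeg's definitions. */
enum codec_id { CODEC_GSM, CODEC_GSM_MS, CODEC_DVAUDIO };
#define GSM_BLOCK_SIZE     33
#define GSM_MS_BLOCK_SIZE  65
#define GSM_FRAME_SIZE     160
#define ERR_INVALID_CODEC  (-1)

struct codec_ctx  { enum codec_id codec_id; int block_align; };
struct parser_ctx { int block_size; int duration; };

/* Hardened form: an unexpected codec id is a recoverable input error,
 * reported to the caller, and the parser state is left untouched. */
int parser_init_checked(struct parser_ctx *s, const struct codec_ctx *avctx)
{
    switch (avctx->codec_id) {
    case CODEC_GSM:
        s->block_size = GSM_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE;
        return 0;
    case CODEC_GSM_MS:
        s->block_size = avctx->block_align ? avctx->block_align
                                           : GSM_MS_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE * 2;
        return 0;
    default:
        return ERR_INVALID_CODEC;
    }
}

/* Form shown in the listing: the same mismatch is treated as
 * "cannot happen", so it ends in abort() and SIGABRT. */
int parser_init_assert(struct parser_ctx *s, const struct codec_ctx *avctx)
{
    int ret = parser_init_checked(s, avctx);
    assert(ret == 0); /* stands in for av_assert0(0) in the default branch */
    return ret;
}

int main(void)
{
    struct parser_ctx s = {0, 0};
    struct codec_ctx forced = { CODEC_DVAUDIO, 0 }; /* constructed input */
    int ret = parser_init_checked(&s, &forced);
    printf("checked init: ret=%d block_size=%d\n", ret, s.block_size);
    return ret == ERR_INVALID_CODEC ? 0 : 1;
}
```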