oss-sec mailing list archives

[CVE-2016-8595] ffmpeg crashes with an assert


From: 连一汉 <lianyihan () 360 cn>
Date: Thu, 8 Dec 2016 02:28:11 +0000

Hi, I’m LianYihan, a security researcher in Qihoo 360 Gear Team.

=========================== target version ==========================

FFmpeg 3.1.4

=========================== test command =========================

ffmpeg -c:a dvaudio -i input.avi -y output.mp4

============================= crash info ===========================

Assertion 0 failed at libavcodec/gsm_parser.c:59

Program received signal SIGABRT, Aborted.
0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.4.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007ffff70f65f7 in raise () from /lib64/libc.so.6
#1  0x00007ffff70f7ce8 in abort () from /lib64/libc.so.6
#2  0x00000000008ce5cf in gsm_parse (s1=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0) at libavcodec/gsm_parser.c:59
#3  0x0000000000c0bb3a in av_parser_parse2 (s=0x211a160, avctx=0x2119750, poutbuf=0x7fffffffd718, poutbuf_size=0x7fffffffd720, buf=0x7fffffffd630 "",
    buf_size=0x0, pts=0x8000000000000000, dts=0x8000000000000000, pos=0xffffffffffffffff) at libavcodec/parser.c:182
#4  0x000000000077c8ae in parse_packet (s=0x2117310, pkt=0x7fffffffd6a0, stream_index=0x1) at libavformat/utils.c:1358
#5  0x000000000077ce23 in read_frame_internal (s=0x2117310, pkt=0x7fffffffdb40) at libavformat/utils.c:1468
#6  0x0000000000783dda in avformat_find_stream_info (ic=0x2117310, options=0x2117cb0) at libavformat/utils.c:3479
#7  0x000000000040e3b0 in open_input_file (o=0x7fffffffde50, filename=0x7fffffffe70d "input.avi") at ffmpeg_opt.c:1002
#8  0x0000000000416ca7 in open_files (l=0x2117028, inout=0x133e537 "input", open_file=0x40dabb <open_input_file>) at ffmpeg_opt.c:3036
#9  0x0000000000416e03 in ffmpeg_parse_options (argc=0x7, argv=0x7fffffffe438) at ffmpeg_opt.c:3073
#10 0x000000000042a640 in main (argc=0x7, argv=0x7fffffffe438) at ffmpeg.c:4335
#11 0x00007ffff70e2b15 in __libc_start_main () from /lib64/libc.so.6
#12 0x00000000004045d9 in _start ()

(gdb) l libavcodec/gsm_parser.c:59
54                  s->block_size = avctx->block_align ? avctx->block_align
55                                                     : GSM_MS_BLOCK_SIZE;
56                  s->duration   = GSM_FRAME_SIZE * 2;
57                  break;
58              default:
59                  av_assert0(0);
60              }
61          }

-----Original Message-----
From: cve-request () mitre org [mailto:cve-request () mitre org]
Sent: October 11, 2016 22:52
To: 连一汉
Cc: cve-request () mitre org
Subject: Re: [scr247746] assert result in DOS

[VulnerabilityType Other]
assert result in DOS

------------------------------------------

[Affected Product Code Base]
ffmpeg - 3.1.4

Use CVE-2016-8595.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
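
Added example, not part of the original message and not FFmpeg's code: the listing at gsm_parser.c:54-59 shows a `default:` branch that runs `av_assert0(0)`, which the backtrace reaches while the input file is being probed. The sketch below models that switch with an error return in place of the assert; the enum, the constant values, the `CODEC_GSM` case and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified stand-ins for the names in the gdb listing. The enum, the
 * constant values and the CODEC_GSM case are assumptions of this sketch. */
enum codec_id { CODEC_GSM = 1, CODEC_GSM_MS = 2, CODEC_DVAUDIO = 3 };
#define GSM_BLOCK_SIZE     33
#define GSM_MS_BLOCK_SIZE  65
#define GSM_FRAME_SIZE    160

struct gsm_state { int block_size; int duration; };

/* Hardened form of the switch: a codec id the parser does not handle is
 * reported to the caller, so input-controlled state cannot abort the process. */
static int gsm_parser_setup(struct gsm_state *s, enum codec_id id, int block_align)
{
    switch (id) {
    case CODEC_GSM:
        s->block_size = GSM_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE;
        return 0;
    case CODEC_GSM_MS:
        if (block_align < 0)            /* container field, untrusted */
            return -EINVAL;
        s->block_size = block_align ? block_align : GSM_MS_BLOCK_SIZE;
        s->duration   = GSM_FRAME_SIZE * 2;
        return 0;
    default:
        /* the reported build executes av_assert0(0) here and raises SIGABRT */
        return -EINVAL;
    }
}

/* Caller side: propagate the error instead of parsing with unset state.
 * Returns the number of complete blocks in buf_size bytes, or -EINVAL. */
static int gsm_blocks_in(enum codec_id id, int block_align, int buf_size)
{
    struct gsm_state s = { 0, 0 };
    int ret = gsm_parser_setup(&s, id, block_align);
    if (ret < 0 || buf_size < 0)
        return -EINVAL;
    return buf_size / s.block_size;
}

int main(void)
{
    printf("unexpected codec id: %d\n", gsm_blocks_in(CODEC_DVAUDIO, 0, 66));
    printf("GSM, 66 bytes: %d blocks\n", gsm_blocks_in(CODEC_GSM, 0, 66));
    return 0;
}
```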
