Vigil@nce - FFmpeg: unreachable memory reading via mjpegdec.c
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a read at an invalid address in mjpegdec.c
of FFmpeg, in order to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 18/02/2015
DESCRIPTION OF THE VULNERABILITY
The FFmpeg suite contains several libraries to process multimedia
data.
However, when a JPEG-LS document is used, the
libavcodec/mjpegdec.c file tries to read a memory area which is
not reachable, which triggers a fatal error.
An attacker can therefore force a read at an invalid address in
mjpegdec.c of FFmpeg, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FFmpeg-unreachable-memory-reading-via-mjpegdec-c-16213