OSVDB ID: 70463

Title: FFmpeg Vorbis Decoder vorbis_dec.c Channel Floor Buffer Memory Corruption

Info

Disclosure
Jan 12, 2011

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Jan 12, 2011

Description

 FFmpeg contains a flaw in the Vorbis decoder within the 'vorbis_parse_setup_hdr_floors' function [vorbis_dec.c]. The issue is triggered as user-supplied input is not properly sanitized when processing the channel floor value. With a specially crafted WebM file, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.

Classification

 Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

 Upgrade to version 0.6.90-rc0 (FFmpeg), 8.0.552.237 (Chrome), 8.0.552.344 (Chrome OS) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

 8.0.552.224

Chrome OS

 8.0.552.343

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/70463