PT-2018-5227 · FFmpeg+2 · Ffmpeg+3
Jan Ruge · Published 2017-02-09 · Updated 2019-03-31 · CVE-2017-1000460
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libav version 13 dev0
ffmpeg version n3.4
chromium versions prior to 56 (before Feb 13, 2017)
Description
The issue arises from the return value of init_get_bits being ignored, leading to get_ue_golomb(&gb) being called on an uninitialized get bits context. This results in a NULL deref exception.
Recommendations
For libav version 13 dev0, ensure proper initialization of the get bits context before calling get_ue_golomb(&gb).
For ffmpeg version n3.4, verify the return value of init_get_bits to prevent calling get_ue_golomb(&gb) on an uninitialized context.
For chromium versions prior to 56 (before Feb 13, 2017), update to a version released after Feb 13, 2017, to ensure the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
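The check described under Recommendations, as an added example that is not FFmpeg or libav code: a small Exp-Golomb reader whose caller propagates the initialization failure instead of decoding. BitReader, br_init, br_bit, br_read_ue and parse_first_ue are hypothetical stand-ins for the library's context and functions, and leaving the context untouched on failure is an assumption of this model.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
/* Hypothetical minimal bit reader, a stand-in for the library's context. */
typedef struct { const uint8_t *buf; int pos, size_bits; } BitReader;

/* Returns 0 on success, -1 on bad input. On failure *br is left untouched
 * (assumption of this model), so the caller must not read from it. */
static int br_init(BitReader *br, const uint8_t *buf, int size_bytes)
{
    if (!buf || size_bytes < 0 || size_bytes > INT_MAX / 8)
        return -1;
    br->buf = buf; br->pos = 0; br->size_bits = size_bytes * 8;
    return 0;
}

/* Next bit, or -1 at end of data. No NULL check: relies on br_init(). */
static int br_bit(BitReader *br)
{
    if (br->pos >= br->size_bits) return -1;
    int bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return bit;
}

/* Unsigned Exp-Golomb: n zero bits, a 1, then n info bits. -1 on error. */
static long br_read_ue(BitReader *br)
{
    int zeros = 0, bit;
    while ((bit = br_bit(br)) == 0)
        if (++zeros > 30) return -1;   /* keep the value within 31 bits */
    if (bit < 0) return -1;
    long v = 1;
    while (zeros--) {
        if ((bit = br_bit(br)) < 0) return -1;
        v = (v << 1) | bit;
    }
    return v - 1;
}

/* Flawed pattern from the description: br_init(&br, data, size); with the
 * result ignored, then br_read_ue(&br) on a context that was never set up.
 * Checked pattern: propagate the failure and never touch the reader. */
long parse_first_ue(const uint8_t *data, int size)
{
    BitReader br;
    if (br_init(&br, data, size) < 0)
        return -1;
    return br_read_ue(&br);
}
```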
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Chromium
Ffmpeg
Libav