Source: ffmpeg
Version: 7:3.4-4
Severity: normal
Tags: security upstream
Control: found -1 7:3.4.1-1

Hi,

the following vulnerability was published for ffmpeg.

CVE-2017-17555[0]:
| The swri_audio_convert function in audioconvert.c in FFmpeg
| libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6,
| and other products, allows remote attackers to cause a denial of
| service (NULL pointer dereference and application crash) via a crafted
| audio file.

The issue is triggerable/demonstrable with the POC attached to [1]:

$ ./aubio/build/examples/aubiomfcc ./crash-2-null-ptr
[mp3 @ 0x61b000000080] Format mp3 detected only with low score of 1, misdetection possible!
[mp3 @ 0x61b000000080] Skipping 3350 bytes of junk at 0.
[mp3 @ 0x61b000000080] Estimating duration from bitrate, this may be inaccurate
0.000000 -18.015953 -0.012183 -0.867832 -0.616462 0.813869 -1.063807 -0.276262 -0.236723 -1.673019 1.016008 -0.041898 0.450148 -0.699137
ASAN:DEADLYSIGNAL
=================================================================
==13255==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd18a85df33 bp 0x000000000004 sp 0x7ffec8afd8e8 T0)
==13255==The signal is caused by a READ memory access.
==13255==Hint: address points to the zero page.
    #0 0x7fd18a85df32 (/usr/lib/x86_64-linux-gnu/libswresample.so.2+0x11f32)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libswresample.so.2+0x11f32)
==13255==ABORTING

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff2af0f33 in ff_int16_to_float_a_sse2.next () at src/libswresample/x86/audio_convert.asm:656
656 src/libswresample/x86/audio_convert.asm: No such file or directory.
(gdb) bt
#0 0x00007ffff2af0f33 in ff_int16_to_float_a_sse2.next () at src/libswresample/x86/audio_convert.asm:656
#1 0x00007ffff2ae78de in swri_audio_convert (ctx=0x607000001740, out=out@entry=0x6320000037d0, in=in@entry=0x6320000035b0, len=len@entry=384) at src/libswresample/audioconvert.c:226
#2 0x00007ffff2aee190 in swr_convert_internal (s=s@entry=0x632000000800, out=out@entry=0x632000003e30, out_count=out_count@entry=384, in=in@entry=0x6320000035b0, in_count=in_count@entry=384) at src/libswresample/swresample.c:633
#3 0x00007ffff2aef252 in swr_convert_internal (in_count=384, in=0x6320000035b0, out_count=384, out=0x632000003e30, s=0x632000000800) at src/libswresample/swresample.c:470
#4 0x00007ffff2aef252 in swr_convert (s=0x632000000800, out_arg=<optimized out>, out_count=<optimized out>, in_arg=<optimized out>, in_count=<optimized out>) at src/libswresample/swresample.c:800
#5 0x00007ffff6c08af5 in aubio_source_avcodec_readframe () at /usr/lib/x86_64-linux-gnu/libaubio.so.5
#6 0x00007ffff6c08c65 in aubio_source_avcodec_do () at /usr/lib/x86_64-linux-gnu/libaubio.so.5
#7 0x0000555555559db4 in examples_common_process (process_func=0x5555555591fb <process_block>, print=0x555555559266 <process_print>) at ../examples/utils.c:160
#8 0x0000555555559875 in main (argc=2, argv=0x7fffffffeb88) at ../examples/aubiomfcc.c:66

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17555
[1] https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
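
A triage sketch for the crash output quoted in the report above, added here as an example and not part of the original message or of the FFmpeg or aubio code: it classifies the fault as a read of the NULL page and derives a deduplication key from the first C-source frame. The function name `triage`, the bucket format and the 4 KiB zero-page threshold are assumptions; the sample lines are abridged from the report.

```python
import re

# Constructed sample: lines abridged from the ASan report and gdb backtrace above.
SAMPLE = """\
==13255==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd18a85df33 bp 0x000000000004 sp 0x7ffec8afd8e8 T0)
==13255==The signal is caused by a READ memory access.
#0 0x00007ffff2af0f33 in ff_int16_to_float_a_sse2.next () at src/libswresample/x86/audio_convert.asm:656
#1 0x00007ffff2ae78de in swri_audio_convert (ctx=0x607000001740, len=len@entry=384) at src/libswresample/audioconvert.c:226
#2 0x00007ffff2aee190 in swr_convert_internal (s=s@entry=0x632000000800) at src/libswresample/swresample.c:633
#5 0x00007ffff6c08af5 in aubio_source_avcodec_readframe () at /usr/lib/x86_64-linux-gnu/libaubio.so.5
"""

ASAN_RE = re.compile(r"AddressSanitizer: (\w+) on unknown address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
# gdb frame: "#N 0xADDR in FUNC (ARGS) at FILE[:LINE]"
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(.*\) at (\S+?)(?::(\d+))?$", re.M)

ZERO_PAGE = 0x1000  # assumption: 4 KiB first page, never mapped


def triage(text):
    """Classify an ASan SEGV and derive a dedup bucket from the gdb frames."""
    asan = ASAN_RE.search(text)
    frames = [(fn, path, int(line) if line else None)
              for _, fn, path, line in FRAME_RE.findall(text)]
    if not asan or not frames:
        raise ValueError("need an ASan header and at least one gdb frame")
    access = ACCESS_RE.search(text)
    # Heuristic (assumption): bucket on the first frame in C source, so the
    # hand-written SIMD leaf (.asm) does not hide the calling function.
    fn, path, line = next((f for f in frames if f[1].endswith(".c")), frames[0])
    return {
        "signal": asan.group(1),
        "access": access.group(1) if access else None,
        "null_deref": int(asan.group(2), 16) < ZERO_PAGE,
        "crash_frame": frames[0],
        "bucket": f"{fn}@{path.rsplit('/', 1)[-1]}:{line}",
        "depth": len(frames),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Bucketing on `swri_audio_convert@audioconvert.c:226` rather than on the assembly leaf keeps crashes reached through different SIMD conversion routines in the same bucket as the function named in the CVE.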