Headline
CVE-2021-28429: git.ffmpeg.org Git - ffmpeg.git/commitdiff
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
author
Michael Niedermayer [email protected]
Mon, 1 Mar 2021 12:44:12 +0000 (13:44 +0100)
committer
Michael Niedermayer [email protected]
Sun, 14 Mar 2021 22:29:51 +0000 (23:29 +0100)
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer [email protected]
index b1b504edbf601d8cd59effa71b2edf97791aa0e6…2fc3295e25dedc328a2943673b7c8734570516c1 100644 (file)
@@ -114,8 +114,8 @@ char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum)
}
ff = framenum % fps;
ss = framenum / fps % 60;
- mm = framenum / (fps*60) % 60;
- hh = framenum / (fps*3600);
mm = framenum / (fps*60LL) % 60;
hh = framenum / (fps*3600LL);
if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
hh = hh % 24;snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%02d",
Related news
Ubuntu Security Notice 6430-1 - It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash.