CVE-2020-22049: #8314 (memory leaks in wtvfile_open_sector()) – FFmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

#8314 closed defect (fixed)

Reported by:
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords: wtv leak
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Summary of the bug:
There are memory leaks detected in wtvfile_open_sector().
How to reproduce:

% ffmpeg_g -i $PoC tmp.lxf

ffmpeg version N-95464-g7056ddc0e0 Copyright © 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug

Here’s the Valgrind log:

==10445== HEAP SUMMARY:
==10445==    in use at exit: 5,236 bytes in 38 blocks
==10445==    total heap usage: 102 allocs, 64 frees, 79,475 bytes allocated
==10445==
==10445== 4,412 (264 direct, 4,148 indirect) bytes in 1 blocks are definitely lost in loss record 33 of 33
==10445==    at 0x9FE3E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10445==    by 0x9FE3F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10445==    by 0x592EC7D: av_malloc (mem.c:87)
==10445==    by 0x14731F6: avio_alloc_context (aviobuf.c:140)
==10445==    by 0x1AB7BA6: wtvfile_open_sector (wtvdec.c:238)
==10445==    by 0x1AB7BA6: wtvfile_open2 (wtvdec.c:289)
==10445==    by 0x1AB3355: read_header (wtvdec.c:989)
==10445==    by 0x1A145FC: avformat_open_input (utils.c:633)
==10445==    by 0x42FFF7: open_input_file (ffmpeg_opt.c:1105)
==10445==    by 0x42DE5E: open_files (ffmpeg_opt.c:3283)
==10445==    by 0x42DB4F: ffmpeg_parse_options (ffmpeg_opt.c:3323)
==10445==    by 0x487BB3: main (ffmpeg.c:4862)
==10445==
==10445== LEAK SUMMARY:
==10445==    definitely lost: 264 bytes in 1 blocks
==10445==    indirectly lost: 4,148 bytes in 3 blocks
==10445==    possibly lost: 0 bytes in 0 blocks
==10445==    still reachable: 824 bytes in 34 blocks
==10445==    suppressed: 0 bytes in 0 blocks
==10445== Reachable blocks (those to which a pointer was found) are not shown.
==10445== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==10445==
==10445== For counts of detected and suppressed errors, rerun with: -v
==10445== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Please confirm.
Thanks
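
A triage helper for Memcheck output like the log in the report above, as an added example that is not part of the original ticket or of FFmpeg's code: it parses each loss record and attributes it to the first stack frame that is not allocation plumbing. The function names and the `ALLOCATOR_FRAMES` skip list are assumptions made for illustration; the sample input is the loss record from the report.

```python
import re

# Excerpt of the Memcheck output quoted in the report (loss record 33 only).
SAMPLE_LOG = """\
==10445== 4,412 (264 direct, 4,148 indirect) bytes in 1 blocks are definitely lost in loss record 33 of 33
==10445==    at 0x9FE3E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10445==    by 0x9FE3F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10445==    by 0x592EC7D: av_malloc (mem.c:87)
==10445==    by 0x14731F6: avio_alloc_context (aviobuf.c:140)
==10445==    by 0x1AB7BA6: wtvfile_open_sector (wtvdec.c:238)
==10445==    by 0x1AB7BA6: wtvfile_open2 (wtvdec.c:289)
==10445==    by 0x1AB3355: read_header (wtvdec.c:989)
"""
# Assumption: frames treated as allocation plumbing rather than the owning code.
ALLOCATOR_FRAMES = {"malloc", "calloc", "realloc", "memalign", "posix_memalign",
                    "av_malloc", "av_mallocz", "avio_alloc_context"}
RECORD = re.compile(r"^==\d+== ([\d,]+) (?:\(([\d,]+) direct, ([\d,]+) indirect\) )?"
                    r"bytes in ([\d,]+) blocks are (definitely|indirectly|possibly) lost")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")

def _num(text):
    return int(text.replace(",", ""))

def parse_leaks(log):
    """Return one dict per loss record: kind, byte counts, block count, call stack."""
    records, current = [], None
    for line in log.splitlines():
        head, frame = RECORD.match(line), FRAME.match(line)
        if head:
            total, direct, indirect, blocks, kind = head.groups()
            current = {"kind": kind, "total": _num(total), "blocks": _num(blocks),
                       "direct": _num(direct or total),
                       "indirect": _num(indirect or "0"), "stack": []}
            records.append(current)
        elif frame and current is not None:
            current["stack"].append(frame.groups())
        elif not frame:
            current = None  # separator or summary line closes the record
    return records

def owner(record):
    """First frame outside the allocator list: the code expected to free the block."""
    for func, where in record["stack"]:
        if func not in ALLOCATOR_FRAMES:
            return func, where
    return None

if __name__ == "__main__":
    for rec in parse_leaks(SAMPLE_LOG):
        print(rec["kind"], rec["direct"], rec["indirect"], owner(rec))
```

The owner frame is a starting point for code review; it identifies where the context was allocated, not which exit path fails to release it.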
