FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation
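The FFmpeg yuvcmp tool has an integer overflow vulnerability when handling large width and height parameters, leading to incorrect memory allocation and potential security risks such as DoS or heap overflow. Affected versions are 7.0 through 8.0. 2025-9-8 22:28:29 Author: seclists.org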


Full Disclosure mailing list archives


From: Ron E <ronaldjedgerson () gmail com>
Date: Sun, 7 Sep 2025 01:35:50 -0400

The FFmpeg tools/yuvcmp utility is vulnerable to an integer overflow when
large width and height parameters are supplied. The overflow occurs during
buffer size calculations (width * height) leading to incorrect allocation
sizes and subsequent memory corruption. An attacker controlling input
dimensions can trigger large or invalid memory allocations, leading to
denial of service (DoS), memory exhaustion, or potential heap corruption.
(FFmpeg 7.0-8.0)

*Impact:*

   - DoS via crash on allocation failure.
   - Potential heap overflow / OOM condition if overflow results in
     undersized allocations followed by large reads.

*Proof of Concept:*
./yuvcmp file1.yuv file2.yuv 70000 70000 pixelcmp


*Output:*
yuvcmp.c:37:22: runtime error: signed integer overflow: 70000 * 70000 cannot be represented in type 'int'
==ERROR: AddressSanitizer: requested allocation size ... exceeds maximum
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
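
The width * height overflow described in the post, and one way to reject such dimensions before allocating. This is an added example, not code from the original post or from FFmpeg; parse_dim, plane_size_checked, wrapped_product32 and the 1 GiB MAX_PLANE_BYTES cap are hypothetical names and an assumed policy.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PLANE_BYTES ((size_t)1 << 30)  /* assumed policy cap: 1 GiB */

/* Value a 32-bit width*height wraps to; unsigned math keeps the demo free of UB. */
static uint32_t wrapped_product32(uint32_t w, uint32_t h)
{
    return w * h;
}

/* Parse one dimension argument strictly: decimal, positive, fits in int. */
static int parse_dim(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || v <= 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Compute width*height in size_t; the division check rules out both
 * overflow and any size above the cap. Returns 0 on success, -1 otherwise. */
static int plane_size_checked(int w, int h, size_t *out)
{
    if (w <= 0 || h <= 0 || (size_t)w > MAX_PLANE_BYTES / (size_t)h)
        return -1;
    *out = (size_t)w * (size_t)h;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments: the post's 70000x70000 and a normal frame. */
    const char *args[][2] = { {"70000", "70000"}, {"1920", "1080"} };
    for (size_t i = 0; i < 2; i++) {
        int w, h; size_t n;
        if (parse_dim(args[i][0], &w) || parse_dim(args[i][1], &h)) continue;
        printf("%dx%d wraps to %u in 32 bits; ", w, h,
               (unsigned)wrapped_product32((uint32_t)w, (uint32_t)h));
        if (plane_size_checked(w, h, &n) == 0) printf("checked: %zu bytes\n", n);
        else puts("rejected");
    }
    return 0;
}
```

The wrapped 32-bit value for 70000 x 70000 is far smaller than the true product of 4,900,000,000, which is the undersized-allocation case the post lists under Impact.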



Source: https://seclists.org/fulldisclosure/2025/Sep/26