| Title | FFmpeg git master NULL Pointer Dereference |
|---|---|
| Description | A segmentation fault vulnerability was discovered in FFmpeg's MOV/MP4 parser implementation. The vulnerability exists in the mov_read_trak function within libavformat/mov.c (line 5209). When processing a specially crafted media file, the function attempts to read from a near-null memory address (0x000000000004), causing a segmentation fault.
Technical Impact:
- The vulnerability leads to a segmentation fault due to null pointer dereference
- This results in program termination when processing malformed input files
- The issue can be exploited to cause denial of service (DoS)
The vulnerability can be reproduced by:
1. Building FFmpeg from the main branch with Address Sanitizer enabled
2. Processing a specially crafted input file with the following FFmpeg command:
./ffmpeg -y -i [poc_file] tmp.mp4
The vulnerability was confirmed using AddressSanitizer, which detected the segmentation fault during the execution of mov_read_trak() while attempting to read from an invalid memory address.
Attack Vector:
- Processing a specially crafted MOV/MP4 file
Affected Components:
- FFmpeg MOV/MP4 parser (libavformat/mov.c)
- Function: mov_read_trak
- Version: FFmpeg main branch (as of discovery date)
Impact:
- Denial of Service through program crash
- Potential for information disclosure
FFmpeg user: 0x20z |
| Source | https://trac.ffmpeg.org/ticket/11460#comment:1 |
| User | 0x20z (UID 81279) |
| Submission | 08/02/2025 09:13 AM (1 year ago) |
| Moderation | 16/02/2025 11:43 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 295982 [FFmpeg up to 7.1 MOV Parser libavformat/mov.c mov_read_trak denial of service] |
| Points | 20 |