CVE-2016-7477 in libavinfo

Summary

by MITRE

The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/15/2020

The vulnerability identified as CVE-2016-7477 resides within the Libav multimedia framework version 11.7, specifically within the ff_put_pixels8_xy2_mmx function located in the rnd_template.c source file. This function implements MMX assembly code for pixel processing operations, which are critical components in multimedia decoding and rendering. The flaw manifests when processing specially crafted mp3 files that contain malformed data structures, leading to improper memory handling during the pixel rendering process. The vulnerability initially reported as a NULL pointer dereference has been expanded to encompass broader invalid memory access patterns that can trigger system crashes.

The technical root cause of this vulnerability stems from inadequate input validation and memory boundary checking within the MMX assembly implementation. When the ff_put_pixels8_xy2_mmx function processes the malicious mp3 file data, it fails to properly validate the coordinates or pixel dimensions specified in the audio file's metadata or frame data. This validation gap allows attackers to craft mp3 files containing oversized or malformed coordinate values that exceed the allocated memory buffers during the pixel processing operations. The function executes without proper bounds checking, causing it to attempt memory accesses beyond valid buffer boundaries, resulting in segmentation faults or memory corruption that terminates the application process.

From an operational perspective, this vulnerability presents a significant denial of service risk for applications and systems that rely on Libav for multimedia processing. Attackers can remotely exploit this flaw by uploading or distributing malicious mp3 files that, when processed by vulnerable applications, will cause immediate application crashes. This affects a wide range of software including media players, streaming servers, content management systems, and any application that utilizes Libav's audio decoding capabilities. The impact extends beyond simple service disruption as the vulnerability can be leveraged in larger attack chains, potentially leading to more severe consequences when combined with other exploitation techniques.

The vulnerability aligns with CWE-125, which addresses out-of-bounds read conditions, and CWE-787, which covers out-of-bounds write operations. From an ATT&CK framework perspective, this represents a denial of service attack vector that can be categorized under T1499.004 for network denial of service, and potentially T1059 for command and control through exploitation of media processing applications. Organizations using affected versions of Libav should implement immediate mitigations including updating to patched versions, implementing input validation controls for mp3 file processing, and deploying network segmentation to limit exposure of vulnerable services. The fix typically involves adding proper bounds checking in the MMX assembly code and implementing robust input validation before pixel processing operations begin.

Reservation

09/09/2016

Disclosure

02/15/2017

Moderation

accepted

Entry

VDB-96992

CPE

ready

EPSS

0.01708

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!