| Field | Value |
|---|---|
| Title | FFmpeg git master stack-buffer-overflow |
| Description | A stack buffer overflow vulnerability was discovered in FFmpeg's AAC encoder implementation. The vulnerability exists in the `ff_aac_search_for_tns` function within `libavcodec/aacenc_tns.c` (line 204). When encoding audio with specific AAC parameters (`aac_pred` true and `profile:a aac_low`), the function attempts to read 4 bytes at an offset that exceeds the bounds of the `en` stack buffer, which is only 8 bytes in size (allocated at line 183).<br><br>Technical Impact:<br>- The vulnerability leads to a stack buffer overflow when reading memory 4 bytes beyond the allocated buffer<br>- This could potentially be exploited to cause memory corruption or program crashes<br>- In certain scenarios, this might lead to arbitrary code execution<br><br>The issue can be reproduced by:<br>1. Building FFmpeg from the main branch with AddressSanitizer enabled<br>2. Processing a specially crafted input file with the following FFmpeg command:<br>`./ffmpeg -i [input_file] -aac_pred true -profile:a aac_low output.mpd`<br><br>The vulnerability was confirmed using AddressSanitizer, which detected the buffer overflow during the execution of `ff_aac_search_for_tns()`.<br><br>Affected Component: FFmpeg AAC encoder (`libavcodec/aacenc_tns.c`)<br>Affected Function: `ff_aac_search_for_tns`<br>Affected Version: FFmpeg main branch (as of discovery date)<br>Attack Vector: Processing a specially crafted audio file<br>FFmpeg user: 0x20z |
| Source | https://trac.ffmpeg.org/ticket/11418#comment:3 |
| User | 0x20z (UID 81279) |
| Submitted | 2025-02-08 09:05 AM (1 year ago) |
| Moderation | 2025-02-22 11:10 PM (15 days later) |
| Status | Accepted |
| VulDB Entry | 296589 [FFmpeg up to 7.1 AAC Encoder libavcodec/aacenc_tns.c ff_aac_search_for_tns memory corruption] |
| Points | 20 |