In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ffmpeg | Ffmpeg | 3.3.3 (including) | 3.3.3 (including) |
| Ffmpeg | Ubuntu | artful | * |
| Ffmpeg | Ubuntu | esm-apps/xenial | * |
| Ffmpeg | Ubuntu | xenial | * |
| Ffmpeg | Ubuntu | zesty | * |
References
- http://www.debian.org/security/2017/dsa-3996
- http://www.securityfocus.com/bid/100629
- https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af
- https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
- https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html
- http://www.debian.org/security/2017/dsa-3996
- http://www.securityfocus.com/bid/100629
- https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af
- https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
- https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html