ffmpeg endless loop when dealing with craft swf file

2016.09.26

Credit: 连一汉

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2016-6881

CWE: N/A

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

I'm Lian ,a security researcher from Qihoo 360 .
I found a vulnerability of ffmpeg . And this could cause ffmpeg get into endless loop !
================== target system ======================
ffmpeg version 3.1.2 Copyright (c)
Ffmpeg -i poc.swf -b:v 640k -y output.ts
================== target web site ======================
https://ffmpeg.org/
========================= key codes ======================
swfdec.c: line 121
zlib_refill()
{
retry:
ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT) , and other variates will not been changed.
if (buf_size - z->avail_out == 0)
goto retry;
Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications
that use that library.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ffmpeg endless loop when dealing with craft swf file

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.