[FFmpeg-devel] Security issues?

Baptiste Coudurier baptiste.coudurier
Wed Sep 23 21:04:22 CEST 2009


On 09/23/2009 11:44 AM, Michael Niedermayer wrote:
> On Wed, Sep 23, 2009 at 11:18:09AM -0700, Baptiste Coudurier wrote:
>> On 09/23/2009 03:17 AM, Michael Niedermayer wrote:
>>> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
>>>> Hi
>>>>
>>>> lars has mailed me the following 2 links
>>>> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
>>>> http://secunia.com/advisories/36805/
>>>
>>> another mov issue (not security relevant!)
>>> http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/29_mov_dref_looping.patch?revision=25014&view=markup
>>>
>>> i think this one can just be applied
>>
>> Nope, not security relevant, besides I'd like to see the file the causes
>> the problem.
>
> i havnt downloaded it but they list this one:
> https://cevans-app.appspot.com/static/video/clockh264aac_200021889.mp4
>
>
>> Because the counter is fixed and it will stop after some time,
>> although seeking around.
>
> i think the issue is that it can seek back to the same spot so even a
> very small file could tie up the demuxer for a long time until the
> counter reachs zero

Humm, it seems that seeking back to the same spot won't affect the loop 
counter here.

dref count 33554433

That's the problem, size seems correct to me.

-- 
Baptiste COUDURIER
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer                                  http://www.ffmpeg.org



More information about the ffmpeg-devel mailing list