[FFmpeg-trac] #9549(avfilter:new): libavfilter results in a flaw during veracode scan
FFmpeg
trac at avcodec.org
Mon Dec 6 20:34:49 EET 2021
#9549: libavfilter results in a flaw during veracode scan
-------------------------------------+-------------------------------------
 Reporter:  Bhawna Khosla            |                     Type:  defect
   Status:  new                      |                 Priority:  normal
Component:  avfilter                 |                  Version:  git-master
 Keywords:                           |               Blocked By:
 Blocking:                           |  Reproduced by developer:  0
 Analyzed by developer:  0           |
-------------------------------------+-------------------------------------
Veracode Scan of the code where libavfilter is used resulted in a very
high flaw.
Flaw: CWE-190 - Integer Overflow or Wraparound
Module: libavfilter.so.7.40.101
Filename: transform.c: 167
Function Name: avfilter_transform
Description: This arithmetic operation results in an integer overflow
error. Because the result of this calculation is larger than the maximum
possible value for this data type, the result may wrap to become a very
small, or negative number, therefore providing an unintended value.
Integer overflows can often trigger buffer overflows, which can be
exploited to execute arbitrary code.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9549>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker