[FFmpeg-trac] #9549(avfilter:new): libavfilter results in a flaw during veracode scan

FFmpeg trac at avcodec.org
Mon Dec 6 20:34:49 EET 2021


#9549: libavfilter results in a flaw during veracode scan
---------------------------------------+-------------------------------------
             Reporter:  Bhawna Khosla  |                     Type:  defect
               Status:  new            |                 Priority:  normal
            Component:  avfilter       |                  Version:  git-master
             Keywords:                 |               Blocked By:
             Blocking:                 |  Reproduced by developer:  0
Analyzed by developer:  0              |
---------------------------------------+-------------------------------------
 Veracode Scan of the code where libavfilter is used resulted in a very
 high flaw.

 Flaw : CWE-190 - Integer Overflow or Wraparound

 Module:  libavfilter.so.7.40.101

 Filename : transform.c: 167

 Function Name: avfilter_transform



 Description: This arithmetic operation results in an integer overflow
 error. Because the result of this calculation is larger than the maximum
 possible value for this data type, the result may wrap to become a very
 small, or negative number, therefore providing an unintended value.
 Integer overflows can often trigger buffer overflows, which can be
 exploited to execute arbitrary code.
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/9549>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

