[FFmpeg-trac] #8718(avfilter:closed): Heap buffer overflow in crash_dnn_execute_layer_pad due to integer overflow in memcpy
FFmpeg
trac at avcodec.org
Sat Jul 11 13:52:55 EEST 2020
#8718: Heap buffer overflow in crash_dnn_execute_layer_pad due to integer overflow
in memcpy
-------------------------------------+-------------------------------------
Reporter: assafsion | Owner: guoyejun
Type: defect | Status: closed
Priority: important | Component: avfilter
Version: git-master | Resolution: fixed
Keywords: dnn crash | Blocked By:
SIGSEGV |
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Comment (by cehoyos):
Replying to [comment:5 assafsion]:
> This bug could lead to code execution and fixing this bug is highly
important.
Since other people may read this:
This bug can lead to code execution if the attacker already has full
control over the `ffmpeg` command line. If an attacker has full control
over the `ffmpeg` command line, they system is already compromised
independently of this bug.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8718#comment:9>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list