ffmpeg -- 4xm processing memory corruption vulnerability

2009-01-28T00:00:00
ID 6733E1BF-125F-11DE-A964-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-01-28T00:00:00

Description

Secunia reports:

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file.