Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-38171 - log back

CVE-2021-38171 edited at 07 Nov 2021 12:58:05

Description

-	adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
+	adts_decode_extradata in libavformat/adtsenc.c in FFmpeg before version 4.4.1 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

References

	https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19@AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/
-	https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+	https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fb993619d1035fa9646506925ea70fb122038999

CVE-2021-38171 created at 23 Aug 2021 10:48:39

Severity

+

Medium

Remote

+

Remote

Type

+	Insufficient validation

Description

+	adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

References

+	https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19@AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/
+	https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6

Notes