FFmpeg LibAVCodec Heap Buffer Overflow Vulnerability

FFmpeg's 'libavcodec' is prone to a heap buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied data before using it in memory allocation and copy operations.

Attackers may exploit this vulnerability to execute arbitrary code in the context of applications that use an affected version of the libavcodec library.

An attacker can exploit this issue by enticing a user to open a malformed PNG file with an application that uses a vulnerable version of libavcodec. If the application is configured as the default handler for PNG files, this could present a viable web or email attack vector -- when the PNG is clicked from an appropriate client application, the application using the vulnerable library will automatically be invoked.


Privacy Statement
Copyright 2010, SecurityFocus