FFmpeg Studio Profile Decoder Denial of Service Vulnerability [CVE-2019-11339]

CVE Number – CVE-2019-11339

A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.The vulnerability is due to an out-of-bounds read error of the studio profile decoder, as defined in the libavcodec/mpeg4videodec.c sourcefile of the affected software. An attacker could exploit this vulnerability by supplying the affected software with crafted MPEG-4 video data. A successful exploit could allow the attacker to cause an out-of-bounds read error, which could cause a DoS condition or other unspecified impacts on the targeted system. FFmpeg has confirmed this vulnerability and released software updates.

Analysis

  • To exploit this vulnerability, an attacker must send crafted MPEG-4 video data to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.

Safeguards

  • Administrators are advised to apply the appropriate updates.Administrators are advised to allow only trusted users to have network access.Administrators are advised to monitor critical systems.

Vendor Announcements

  • FFmpeg has released a security issue at the following link: Studio Profile

Fixed Software

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:

Notice: ob_end_flush(): failed to send buffer of zlib output compression (0) in /home/systemte/public_html/wp-includes/functions.php on line 4339