OSVDB ID: 79287

Title: FFmpeg Matroska Codec matroska_parse_block Function Unspecified Buffer Overflow

Info

Disclosure

Feb 15, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FFmpeg contains an unspecified overflow condition in the 'matroska_parse_block' function in libavformat/matroskadec.c. With a specially crafted MKV file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Third-Party Solution, Solution Unknown
Exploit: PoC Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Google Chrome version 17.0.963.56 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

17.0.963.46

FFmpeg Project

FFmpeg

Unspecified

References

CVE ID: 2011-3019 (see also: NVD)
Secunia Advisory ID: 48016 48059 48866
Related OSVDB ID: 79283 79284 79285 79286 79288 79289 79290 79291 79292 79293 79294 79295
Vendor Specific News/Changelog Entry: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
http://security.gentoo.org/glsa/glsa-201202-01.xml
http://www.srware.net/forum/viewtopic.php?f=18&t=3521
Vendor Specific Advisory URL: https://code.google.com/p/chromium/issues/detail?id=110849

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/79287