Bug 1173019 - (CVE-2020-14212) VUL-0: CVE-2020-14212: ffmpeg: heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.1
Importance: P3 - Medium / Minor
Assigned To: Alynx Zhou
Reported: 2020-06-17 07:07 UTC by Wolfgang Frisch
Modified: 2021-06-01 01:46 UTC (History)

Found By: Security Response Team


Attachments
10.jpg (reproducer part 1/2) (18.09 KB, image/jpeg)
2020-06-17 07:24 UTC, Wolfgang Frisch
crash_dnn_backend_native_1 (reproducer part 2/2) (111 bytes, application/octet-stream)
2020-06-17 07:24 UTC, Wolfgang Frisch
Description Wolfgang Frisch 2020-06-17 07:07:51 UTC
CVE-2020-14212

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in
libavformat/aviobuf.c because dnn_backend_native.c calls
ff_dnn_load_model_native and a certain index check is omitted.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14212
https://trac.ffmpeg.org/ticket/8716
https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463
Comment 1 Wolfgang Frisch 2020-06-17 07:22:22 UTC
ffmpeg in SLE does not support dnn_backend_native yet and therefore is not affected.
Comment 2 Wolfgang Frisch 2020-06-17 07:24:10 UTC
Created attachment 838882 [details]
10.jpg (reproducer part 1/2)
Comment 3 Wolfgang Frisch 2020-06-17 07:24:33 UTC
Created attachment 838883 [details]
crash_dnn_backend_native_1 (reproducer part 2/2)
Comment 4 Wolfgang Frisch 2020-06-17 07:25:31 UTC
> I compiled ffmpeg on Ubuntu 18.04 with the following configuration:
> --cc=clang --extra-cflags='-O0 -g3 -fsanitize=address -Wno-error -fPIC' --extra-ldflags='-O0 -g3 -fsanitize=address -Wno-error -fPIC' --enable-debug --disable-asm --disable-optimizations --disable-shared --enable-libopenjpeg --enable-gpl --enable-libass --enable-libfdk-aac --enable-libmp3lame --enable-libopus --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-nonfree
>
> The bug could be reproduced while running the following command line:
> ffmpeg -v debug -i 10.jpg -vf format=rgb24,sr=dnn_backend=native:model=crash_dnn_backend_native_1 derain.jpg