Home / os / win2k

Ffmpeg endless loop when dealing with craft swf file

Posted on 30 November -0001

<HTML><HEAD><TITLE>ffmpeg endless loop when dealing with craft swf file</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>I'm Lian ,a security researcher from Qihoo 360 . I found a vulnerability of ffmpeg . And this could cause ffmpeg get into endless loop ! ================== target system ====================== ffmpeg version 3.1.2 Copyright (c) Ffmpeg -i poc.swf -b:v 640k -y output.ts ================== target web site ====================== https://ffmpeg.org/ ========================= key codes ====================== swfdec.c: line 121 zlib_refill() { retry: ret = inflate(z, Z_NO_FLUSH); // ret is always 2 (Z_NEED_DICT) , and other variates will not been changed. if (buf_size - z->avail_out == 0) goto retry; Our understanding is that swfdec.c is part of the libavformat library and thus this issue may affect other applications that use that library. </BODY></HTML>

 

TOP