Libav LZO 'av _ lzo1x_decode' Function Memory Corruption Vulnerability
Release date:
Updated on:
Affected Systems:
Libav
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68217
CVE (CAN) ID: CVE-2014-4609
Libav is a cross-platform free software that allows you to perform video, transfer, and stream functions in multimedia formats and protocols.
When Libav processes zero bytes, The lzo1x_decompress_safe () function has the integer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the affected system.
<* Source: Don A. Bailey
Link: http://xforce.iss.net/xforce/xfdb/94012
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Libav
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://libav.org/
Refer:
FFmpeg:
Http://ffmpeg.org/index.html
Don A. Bailey:
Https://www.securitymouse.com/lms-2014-06-16-4
This article permanently updates the link address: