FFmpeg handle_open_brace() Function Subtitle Decoder Out-of-Bounds Read Denial of Service Vulnerability



A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations performed by the handle_open_brace() function, as defined in the libavcodec/htmlsubtitles.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to open a crafted video file in Matroska format that submits malicious input to the targeted system. A successful exploit could cause an out-of-bounds read condition in the subtitle decoder, which could result in a DoS condition.

FFmpeg has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-9721

Source:: Cisco Multivendor Vulnerability Alerts