Skip to content

flv-parser memory overflow

High
ireader published GHSA-qv5v-8jcr-37p5 May 3, 2022

Package

No package listed

Affected versions

master

Patched versions

None

Description

Impact

libflv库中,flv_parser_append未检查expectbytes是否处于合理范围,同时FLV_AVHEADER_CODEC分支缺少default分支导致parser->expect未被reinit,最终导致溢出发生
image

Patches

fix flv-parser memory overflow

Workarounds

  1. 校验expect buffer大小
  2. 异常flv tag检查

References

@Cossack9989

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

No known CVE

Weaknesses

Credits