Description
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
Statement
The Red Hat Product Security team has assessed this vulnerability as Medium severity. It can be exploited remotely without authentication but requires user interaction, such as opening a crafted ALS file. While it does not allow code execution or compromise system confidentiality or integrity, it does cause an application crash, posing a Moderate availability risk. The root cause is insufficient validation of memory allocation return values in the ALS decoder initialization function.
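The root cause named above, an initialization function that does not validate allocation return values, is illustrated below as an added example; it is not FFmpeg's code. `DemoCtx`, `demo_calloc`, `demo_init` and the fault-injection counters are hypothetical names. The init checks every allocation before the first write and releases partial state on failure.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical decoder context for illustration; not FFmpeg's structures. */
typedef struct {
    int      channels;
    int32_t *samples;   /* channels * frame_len entries */
    int32_t *coeffs;    /* channels * order entries */
} DemoCtx;

/* Fault injection: the Nth allocation (1-based) fails; 0 means never fail. */
static int fail_at, alloc_count;

static void *demo_calloc(size_t n, size_t size)
{
    if (fail_at && ++alloc_count == fail_at)
        return NULL;                 /* simulated out-of-memory */
    return calloc(n, size);
}

static void demo_free(DemoCtx *c)
{
    free(c->samples);                /* free(NULL) is a no-op */
    free(c->coeffs);
    memset(c, 0, sizeof(*c));
}

/* Init that validates every allocation before the first dereference. */
static int demo_init(DemoCtx *c, int channels, int frame_len, int order)
{
    memset(c, 0, sizeof(*c));
    if (channels <= 0 || frame_len <= 0 || order <= 0)
        return -EINVAL;
    c->samples = demo_calloc((size_t)channels * frame_len, sizeof(*c->samples));
    c->coeffs  = demo_calloc((size_t)channels * order, sizeof(*c->coeffs));
    if (!c->samples || !c->coeffs) { /* an unchecked init would write via NULL below */
        demo_free(c);
        return -ENOMEM;
    }
    c->channels  = channels;
    c->coeffs[0] = 1;                /* first write, reached only with valid buffers */
    return 0;
}

int main(void) { DemoCtx c; int r = demo_init(&c, 2, 1024, 16); demo_free(&c); return r != 0; }
```

Setting `fail_at` to 1 or 2 before calling `demo_init` exercises each failure path without exhausting real memory.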
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability.
References
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
[NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)]
5.3 Medium
CVSS3