Safety researchers from Google revealed vulnerability ( CVE-2022-2566 ) in the Libavformat library, which is part of the FFMPEG multimediystydiy. Vulnerability allows you to achieve the attacker code when processing a specially changed file in the MP4 format on the victim system. Vulnerability manifests itself starting with the FFMPEG 5.1 branch and fixed in the release of FFMPEG 5.1.2.
Vulnerability is caused by the error of calculating the sizes of the buffer in the Build_open_gop_key_points () function, which leads to integer overflowing during the processing of certain parameters and the allocation of the memory block, less than required. To demonstrate the possibility of an attack published prototype exploit.
/Media reports.