FFmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*
- <= 6e26f57f672b05e7b8b052007a83aef99dc81ccb
A memory leak vulnerability has been identified in FFmpeg versions prior to commit 6e26f57f672b05e7b8b052007a83aef99dc81ccb. The issue is in the IAMF File Handler component, specifically the 'audio_element_obu' function of 'libavformat/iamf_parse.c'. It is caused by improper handling of the 'num_parameters' argument, which leaves allocated memory that is not properly tracked or released. The leak can be triggered remotely and without authentication, but requires user interaction.
Exploitation of this vulnerability leads to a memory leak, where the application fails to release allocated memory, causing increased memory consumption over time.
The vulnerability can be reproduced by using FFmpeg to process IAMF files that contain audio element OBUs. When the 'num_parameters' argument is manipulated in a way that bypasses the function's constraints, a memory leak occurs.
Users are advised to upgrade to FFmpeg versions that include the patch for this vulnerability. The patch is available in the official FFmpeg repository.