rust-ffmpeg Use-After-Free Vulnerability in write_interleaved Method Allows Denial-of-Service or Memory Corruption
Vulnerability
A use-after-free vulnerability has been identified in rust-ffmpeg version 0.3.0 (after commit 5ac0527). The issue arises in the write_interleaved method, which modifies packet data while holding only an immutable reference to it, violating Rust's aliasing rules. This can lead to undefined behavior, allowing an attacker to cause memory corruption or a denial-of-service condition.
Impact
Exploitation of this vulnerability causes undefined behavior, with potential consequences including use-after-free errors, memory corruption, or logic errors if the affected data is accessed after the call.
Reproduction
The vulnerability can be reproduced by calling the write_interleaved method with a packet reference. The method will modify the packet data while only holding an immutable reference, leading to a use-after-free condition. This can be demonstrated by creating a packet, passing it to write_interleaved, and then accessing the packet data afterward, which will reflect the unintended modifications.
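The reproduction above as an added example, not code from rust-ffmpeg or FFmpeg: Packet, RawPacket, c_write_and_reset, write_shared and write_exclusive are hypothetical stand-ins, and the mock keeps the C struct behind a raw pointer so the demonstration itself stays well-defined. It shows a caller holding only &Packet seeing the packet emptied, next to a &mut self signature under which the borrow checker rejects a payload borrow held across the call.

```rust
// Constructed stand-ins for illustration; NOT rust-ffmpeg's types or FFmpeg's API.
struct RawPacket { data: *mut u8, size: usize }
// Hypothetical C-side write: consumes the payload, frees it, resets the packet.
unsafe fn c_write_and_reset(p: *mut RawPacket) -> usize {
    unsafe {
        let n = (*p).size;
        if !(*p).data.is_null() {
            drop(Box::from_raw(std::ptr::slice_from_raw_parts_mut((*p).data, n)));
        }
        (*p).data = std::ptr::null_mut();
        (*p).size = 0;
        n
    }
}

pub struct Packet { raw: *mut RawPacket }
impl Packet {
    pub fn new(bytes: &[u8]) -> Self {
        let data = Box::into_raw(bytes.to_vec().into_boxed_slice()) as *mut u8;
        Packet { raw: Box::into_raw(Box::new(RawPacket { data, size: bytes.len() })) }
    }
    pub fn size(&self) -> usize { unsafe { (*self.raw).size } }
    // Pattern from the advisory: `&self` promises an unchanged packet, yet the
    // callee mutates it and frees the payload.
    pub fn write_shared(&self) -> usize { unsafe { c_write_and_reset(self.raw) } }
    // Honest signature: `&mut self` lets the borrow checker reject any borrow of
    // the payload that is still alive across the call.
    pub fn write_exclusive(&mut self) -> usize { unsafe { c_write_and_reset(self.raw) } }
}

impl Drop for Packet {
    fn drop(&mut self) {
        unsafe { c_write_and_reset(self.raw); drop(Box::from_raw(self.raw)); }
    }
}

// Returns (size before, bytes written, size after) for a call made through `&Packet`.
pub fn observe_shared_write(payload: &[u8]) -> (usize, usize, usize) {
    let pkt = Packet::new(payload);
    let shared = &pkt;
    let before = shared.size();
    let written = shared.write_shared();
    (before, written, shared.size())
}

fn main() {
    let mut pkt = Packet::new(b"constructed payload");
    println!("{:?} {}", observe_shared_write(b"constructed payload"), pkt.write_exclusive());
}
```

When auditing other FFI wrappers for the same pattern, look for methods that take &self but hand the callee a *mut pointer to the wrapped data.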
Remediation
No specific remediation is available, but users are advised to avoid using the unmaintained rust-ffmpeg crate.
