FFmpeg Signed Integer Overflow Vulnerability in DVD Subtitle Parser Leading to Heap Out-of-Bounds Write

Vulnerability

A signed integer overflow has been identified in FFmpeg's DVD subtitle parser, specifically in the bounds checks for fragment reassembly. A remote attacker can trigger it with a specially crafted MPEG-PS/VOB media file that includes a malicious DVD subtitle stream. The result is a heap out-of-bounds write, which can crash the application (denial of service) and potentially allow arbitrary code execution in applications that use FFmpeg's vulnerable APIs.
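The bug class described above, as an added example (not FFmpeg's code and not taken from this advisory): a reassembly bounds check that adds two signed ints passes an oversized fragment, while a subtraction-based check rejects it. The struct, field and function names are hypothetical, and the addition-style form of the weak check is an assumption, since the page does not show the affected source.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical reassembly state; field names are illustrative, not FFmpeg's. */
struct reasm {
    int index;    /* bytes already copied into the heap buffer */
    int capacity; /* allocated size of the heap buffer */
};

/*
 * Weak check: "index + frag_size <= capacity" evaluated in signed int.
 * Signed overflow is undefined behaviour in C; the wrap that two's
 * complement targets usually produce is modelled here with unsigned
 * arithmetic so the demonstration itself stays well defined.
 * Returns 1 when the fragment would be accepted for copying.
 */
static int weak_accepts(const struct reasm *r, int frag_size)
{
    int sum = (int)((unsigned)r->index + (unsigned)frag_size);
    return sum <= r->capacity;
}

/*
 * Hardened check: reject negative or inconsistent values first, then
 * compare against the remaining space. capacity - index cannot overflow
 * once 0 <= index <= capacity has been established.
 */
static int safe_accepts(const struct reasm *r, int frag_size)
{
    if (frag_size < 0 || r->index < 0 || r->index > r->capacity)
        return 0;
    return frag_size <= r->capacity - r->index;
}

int main(void)
{
    struct reasm r = { 4096, 65536 };       /* constructed sample state */
    int sizes[] = { 1000, 61440, 61441, -1, INT_MAX }; /* constructed */

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("frag_size=%11d weak=%d safe=%d\n", sizes[i],
               weak_accepts(&r, sizes[i]), safe_accepts(&r, sizes[i]));
    return 0;
}
```

Building fuzz or test targets with -fsanitize=signed-integer-overflow,address reports both the overflowing addition and any resulting out-of-bounds write at the point where they occur.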

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the application. It also allows for arbitrary code execution, particularly in applications that use the affected FFmpeg APIs.

Remediation

To mitigate this vulnerability, avoid processing untrusted MPEG-PS/VOB media files with FFmpeg. If FFmpeg is used in automated media processing services, implement strict input validation and isolation to prevent the ingestion of malicious files from untrusted sources. For end-user applications, refrain from opening or playing untrusted media files.

Added: Apr 15, 2026, 8:32 PM
Updated: Apr 15, 2026, 8:32 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 7.5
exploitability: 4.1
remediation: 7.9
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.