CVE-2021-38094 – This integer overflow vulnerability in FFmpeg's... (How to Fix)

📋 TL;DR

This integer overflow vulnerability in FFmpeg's filter_sobel function allows attackers to cause denial of service or potentially execute arbitrary code by processing specially crafted video files. It affects systems running FFmpeg 4.2.1 and potentially other versions that haven't been patched. Users who process untrusted video content with FFmpeg are at risk.

💻 Affected Systems

Products:

FFmpeg

Versions: FFmpeg 4.2.1 and potentially earlier versions

Operating Systems: All operating systems running vulnerable FFmpeg versions

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is triggered when using the convolution filter with sobel operator on specially crafted video files.

📦 What is this software?

Ffmpeg by Ffmpeg

View all CVEs affecting Ffmpeg →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if the integer overflow can be leveraged for memory corruption attacks.

🟠

Likely Case

Denial of service through application crash when processing malicious video files.

🟢

If Mitigated

Limited to denial of service if proper input validation and sandboxing are implemented.

🌐 Internet-Facing: MEDIUM - Only affects systems that process untrusted video content from external sources.

🏢 Internal Only: LOW - Internal systems processing trusted content have minimal exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious video files that trigger the integer overflow when processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 99f8d32129dd233d4eb2efa44678a0bc44869f23

Vendor Advisory: https://trac.ffmpeg.org/ticket/8263

Restart Required: No

Instructions:

1. Update FFmpeg to version containing commit 99f8d32129dd233d4eb2efa44678a0bc44869f23
2. Recompile if using source distribution
3. Restart any services using FFmpeg

🔧 Temporary Workarounds

Disable convolution filter

all

Prevent use of the vulnerable filter_sobel function

# Configure FFmpeg to avoid using convolution filters with sobel operator

Input validation

all

Implement strict input validation for video files before processing

# Use file validation tools before passing to FFmpeg

🧯 If You Can't Patch

Isolate FFmpeg processing to dedicated, restricted containers or VMs
Implement strict file upload controls and only process trusted video content

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version and verify if it contains the vulnerable commit

Check Version:

ffmpeg -version

Verify Fix Applied:

Verify FFmpeg version includes commit 99f8d32129dd233d4eb2efa44678a0bc44869f23

📡 Detection & Monitoring

Log Indicators:

FFmpeg segmentation faults
Unexpected process termination when processing video files

Network Indicators:

Unusual video file uploads to processing systems

SIEM Query:

Process:ffmpeg AND (EventID:1000 OR Signal:SIGSEGV)

📊 Metadata

CVE ID: CVE-2021-38094

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: September 20, 2021

Last Updated: November 21, 2024

🔗 References

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 Mailing List,Patch,Vendor Advisory
https://trac.ffmpeg.org/ticket/8263 Exploit,Issue Tracking,Vendor Advisory
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 Mailing List,Patch,Vendor Advisory
https://trac.ffmpeg.org/ticket/8263 Exploit,Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-38094, you might also want to check these: