Medium severity · 6.5 · NVD Advisory · Published Apr 19, 2016 · Updated May 6, 2026

CVE-2015-5479

Description

A divide-by-zero error in Libav's H.263 decoder allows denial of service via crafted media file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in the ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav versions before 11.5. A media file with specially crafted dimensions causes a divide-by-zero error during H.263 decoding, which crashes the application. The issue was discovered through fuzzing and confirmed by upstream developers [2].
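The defensive pattern for this bug class, as an added example that is not Libav's code and not taken from the references: a simplified model of turning a macroblock address into picture coordinates, with the dimension check that keeps the divisor non-zero. The struct, the function names, the 16384 size limit and the premise that the divisor is the macroblock width derived from the picture width are all assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical, simplified decoder state; not Libav's context struct. */
struct pic_ctx {
    int mb_width, mb_height; /* picture size in 16x16 macroblocks */
    int mb_x, mb_y;          /* current macroblock position */
};

/* Derive macroblock counts from untrusted header dimensions.
 * Returns 0 on success, -1 if either dimension is unusable. */
int pic_set_dimensions(struct pic_ctx *c, int width, int height)
{
    /* Check both dimensions together: a zero width or height gives a
     * zero macroblock count, which later becomes a zero divisor.
     * The 16384 upper bound is an assumed sanity limit. */
    if (width <= 0 || height <= 0 || width > 16384 || height > 16384)
        return -1;
    c->mb_width  = (width  + 15) / 16;
    c->mb_height = (height + 15) / 16;
    return 0;
}

/* Convert a macroblock address read from the bitstream into (mb_x, mb_y).
 * Returns 0 on success, -1 on an unusable context or address. */
int decode_mb_address(struct pic_ctx *c, int mb_pos)
{
    /* Defence in depth: re-check the divisor at the point of use, so a
     * context that skipped validation fails cleanly instead of trapping. */
    if (c->mb_width <= 0 || c->mb_height <= 0)
        return -1;
    if (mb_pos < 0 || mb_pos >= c->mb_width * c->mb_height)
        return -1;
    c->mb_x = mb_pos % c->mb_width;
    c->mb_y = mb_pos / c->mb_width;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a 176x144 picture and a zero-width header. */
    struct pic_ctx ok = {0}, bad = {0};
    int r1 = pic_set_dimensions(&ok, 176, 144);
    int r2 = decode_mb_address(&ok, 12);
    printf("176x144: set=%d addr=%d pos=(%d,%d)\n", r1, r2, ok.mb_x, ok.mb_y);
    int r3 = pic_set_dimensions(&bad, 0, 144);
    int r4 = decode_mb_address(&bad, 12);
    printf("0x144:   set=%d addr=%d\n", r3, r4);
    return 0;
}
```

With the zero-width header, both functions return -1 and no division is executed, so the decoder can report a corrupt stream instead of crashing.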

Exploitation

An attacker can exploit this vulnerability by crafting a malicious media file with specific dimensions that trigger the divide-by-zero when the file is decoded. No authentication is required; the attacker only needs to convince a user to open the crafted file using a vulnerable version of Libav (e.g., via avplay). The crash occurs immediately upon processing the file, as demonstrated in the gdb output showing the divide-by-zero [2].

Impact

The primary impact is a denial of service due to an application crash. The Ubuntu security advisory [1] notes that this could potentially be used to execute arbitrary code with the privileges of the user, although the CVE description and the original report [2] focus on the crash. The system is affected only insofar as a crash disrupts service; code execution is not confirmed in the available references.

Mitigation

The vulnerability is fixed in Libav version 11.5 [2]. Ubuntu released updated packages in USN-2944-1 [1], which can be applied via standard system updates. Users should upgrade to the latest version of Libav or apply the distribution-specific security update. No workarounds are available for unpatched versions.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
