CVE-2026-58049

FFmpeg · FFmpeg

A vulnerability in the FFmpeg RASC video decoder component (decode_dlta) may lead to memory corruption during the processing of malformed media files.

Executive summary

A high-severity vulnerability in the FFmpeg RASC video decoder could allow arbitrary code execution when a malicious video file is processed.

Vulnerability

The flaw exists in the decode_dlta function of the RASC decoder within libavcodec. It is a memory corruption vulnerability triggered when the decoder processes a crafted RASC media file, likely resulting in an out-of-bounds access or buffer overflow.

Business impact

The CVSS score of 8.6 reflects the ease with which a remote attacker could trigger this vulnerability simply by enticing a user to open a malicious media file. Successful exploitation could lead to arbitrary code execution with the privileges of the user running the application, potentially resulting in data loss or unauthorized system access.

Remediation

Immediate Action: Update all applications that bundle or utilize the FFmpeg library to the latest version that includes the fix for this decoder vulnerability.

Proactive Monitoring: Review file integrity and monitor for application crashes associated with video playback, which may serve as indicators of attempted exploitation.

Compensating Controls: Deploy endpoint protection solutions capable of detecting and blocking malicious media files, and ensure that users are warned against opening files from untrusted sources.

Exploitation status

Public Exploit Available: false

Analyst recommendation

FFmpeg is a widely used library across numerous software suites. Organizations must audit their software inventory to identify applications reliant on FFmpeg and prioritize patching to mitigate the risk of remote code execution through malicious media content.