|
|
Subscribe / Log in / New account

ffmpeg: multiple vulnerabilities

Package(s):ffmpeg CVE #(s):CVE-2015-8363 CVE-2015-8364 CVE-2015-8365
Created:December 28, 2015 Updated:January 6, 2016
Description: From the CVE entries:

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. (CVE-2015-8363)

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. (CVE-2015-8364)

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. (CVE-2015-8365)

Alerts:
Mageia MGASA-2016-0018 ffmpeg 2016-01-15
openSUSE openSUSE-SU-2015:2370-1 ffmpeg 2015-12-27
Ubuntu USN-2944-1 libav 2016-04-04
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds