
ffmpeg: multiple vulnerabilities

Package(s): ffmpeg
CVE #(s): CVE-2015-8661 CVE-2015-8662 CVE-2015-8663
Created: January 13, 2016
Updated: January 13, 2016
Description: From the CVE entries:

The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. (CVE-2015-8661)

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2015-8662)

The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. (CVE-2015-8663)

Alerts:
Mageia MGASA-2016-0018 ffmpeg 2016-01-15
openSUSE openSUSE-SU-2016:0089-1 ffmpeg 2016-01-12


