ffmpeg: multiple vulnerabilities
| Package(s): | ffmpeg | CVE #(s): | CVE-2016-2327 CVE-2016-2328 CVE-2016-2330 | ||||
| Created: | June 20, 2016 | Updated: | June 22, 2016 | ||||
| Description: | From the CVE entries:
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. (CVE-2016-2327) libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. (CVE-2016-2328) libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. (CVE-2016-2330) | ||||||
| Alerts: |
| ||||||