ID CVE-2015-8364
Summary Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.
References
Vulnerable Configurations
  • cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
CVSS
Base: 6.8 (as of 21-12-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
mlist [debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update
suse openSUSE-SU-2015:2370
ubuntu USN-2944-1
Last major update 21-12-2018 - 11:29
Published 26-11-2015 - 17:59
Last modified 21-12-2018 - 11:29
Back to Top