CVE-2015-8364

Published: 11/26/2015 Last updated: 8/6/2024 Reserved: 11/26/2015

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (1)

Product	Vendor	Version
n/a	n/a	6.5.2.2

References (8)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
http://www.ubuntu.com/usn/USN-2944-1
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
http://www.ubuntu.com/usn/USN-2944-1
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html