CVE-2016-9561

Published: 12/23/2016 Last updated: 8/6/2024 Reserved: 11/22/2016

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (1)

Product	Vendor	Version
n/a	n/a	Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

References (4)

http://www.openwall.com/lists/oss-security/2016/12/08/1
http://www.securityfocus.com/bid/94756
http://www.openwall.com/lists/oss-security/2016/12/08/1
http://www.securityfocus.com/bid/94756