CVE-2015-8218Improper Input Validation in Ffmpeg

CWE-20Improper Input Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 37.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedNov 17
Latest updateMay 17

Description

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

debiandebian/ffmpeg< ffmpeg 7:2.8.2-1 (bookworm)
Debianffmpeg/ffmpeg< 7:2.8.2-1+3
NVDffmpeg/ffmpeg2.8.1

🔴Vulnerability Details

2
GHSA
GHSA-h9g7-2mx6-j576: The decode_uncompressed function in libavcodec/faxcompr2022-05-17
OSV
CVE-2015-8218: The decode_uncompressed function in libavcodec/faxcompr2015-11-17

📋Vendor Advisories

1
Debian
CVE-2015-8218: ffmpeg - The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2...2015