CVE-2015-8364 — Ffmpeg vulnerability

CWE-1895 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 31.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Canonical Ubuntu Linux

Timeline

PublishedNov 26

Latest updateMay 14

Description

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.8.3-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.8.3-1+3

▶NVDffmpeg/ffmpeg7 versions+6

Also affects: Ubuntu Linux 12.04

🔴Vulnerability Details

GHSA

GHSA-r2h9-33j6-9q9f: Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi↗2022-05-14

▶

OSV

CVE-2015-8364: Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi↗2015-11-26

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2016-04-04

▶

Debian

CVE-2015-8364: ffmpeg - Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpe...↗2015

▶