Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8364

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

Related bugs and status

CVE-2015-8364 (Candidate) is related to these bugs:

Bug #1523692: FFmpeg security fixes December 2015

Summary				In	Importance	Status
	1523692	FFmpeg security fixes December 2015		ffmpeg (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
UBUNTU: USN-2944-1
SUSE: openSUSE-SU-2015:2370
MLIST: [debian-lts-announce] ...