CVE-2014-8545

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.4.2

Description The issue allows remote attackers to cause a denial of service or possibly have other impacts via crafted PNG data. This is due to the monochrome-black format being accepted without verifying that the bits-per-pixel value is 1 in libavcodec/pngdec.c.

Recommendations For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of PNG data from untrusted sources until the update is applied.