CVE-2015-8216

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.2

Description The issue is related to the ljpeg decode yuv scan function in libavcodec/mjpegdec.c, which lacks certain width and height checks. This allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have other unspecified impacts via crafted MJPEG data. The vulnerability is associated with errors in the code of the FFmpeg multimedia library.

Recommendations For versions prior to 2.8.2, update to version 2.8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ljpeg decode yuv scan function until a patch is available. Avoid using crafted MJPEG data in the affected API endpoints until the issue is resolved.