CVE-2015-1872

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.5.4

Description The issue is related to the ff mjpeg decode sof function in libavcodec/mjpegdec.c, which does not validate the number of components in a JPEG-LS Start Of Frame segment. This allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. The vulnerability can be exploited by a remote attacker using specially formed Motion JPEG data, leading to a denial of service.

Recommendations For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ff mjpeg decode sof function until a patch is available. Avoid using crafted Motion JPEG data that could exploit the vulnerability.