CVE-2016-2327

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.5

Description The issue is caused by a buffer overflow in the apng encode frame and encode apng functions in the libavcodec/pngenc.c file of the FFmpeg multimedia library. This can be exploited by a remote attacker using a specially crafted .avi file, potentially leading to a denial of service or other unspecified impacts.

Recommendations For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the apng encode frame and encode apng functions until a patch is available. Avoid using specially crafted .avi files that could exploit this issue.