CVE-2017-7865

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2017-01-24

Description The issue is caused by a heap-based buffer overflow related to the ipvideo decode block opcode 0xA function in libavcodec/interplayvideo.c and the avcodec align dimensions2 function in libavcodec/utils.c. This can lead to an out-of-bounds write. The vulnerability may allow a remote attacker to exploit the buffer overflow in the dynamic memory, potentially enabling them to write beyond the memory boundaries.

Recommendations For FFmpeg versions prior to 2017-01-24, update to a version released after 2017-01-24 to resolve the issue. As a temporary workaround, consider restricting access to the functions ipvideo decode block opcode 0xA and avcodec align dimensions2 until a patch is applied.