CVE-2014-9317

Name of the Vulnerable Software and Affected Versions FFMpeg versions prior to 2.1.6 FFMpeg versions 2.2.x through 2.3.x FFMpeg versions 2.4.x prior to 2.4.4

Description The issue allows remote attackers to cause a denial of service and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file. This is due to the decode ihdr chunk function in libavcodec/pngdec.c allowing out-of-bounds heap access.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later. For versions 2.2.x through 2.3.x, update to version 2.4.4 or later. For versions 2.4.x prior to 2.4.4, update to version 2.4.4 or later. As a temporary workaround, consider restricting access to PNG files with IDAT before IHDR until a patch is available.