CVE-2015-6761

Name of the Vulnerable Software and Affected Versions FFmpeg versions through 2.8.1 Google Chrome versions prior to 46.0.2490.71

Description The issue is related to the update dimensions function in libavcodec/vp8.c, which relies on a coefficient-partition count during multi-threaded operation. This allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. The vulnerability is caused by synchronization errors when using a shared resource.

Recommendations For FFmpeg versions through 2.8.1, consider updating to a version that addresses the synchronization issue in the update dimensions function. For Google Chrome versions prior to 46.0.2490.71, update to version 46.0.2490.71 or later to resolve the issue. As a temporary workaround, consider disabling multi-threaded operation in FFmpeg until a patch is available.