CVE-2015-8217

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.2

Description The issue is related to the ff hevc parse sps function in libavcodec/hevc ps.c, which does not properly validate the Chroma Format Indicator. This allows remote attackers to cause a denial of service, potentially through out-of-bounds array access, by using specially crafted High Efficiency Video Coding (HEVC) data.

Recommendations For versions prior to 2.8.2, update to version 2.8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ff hevc parse sps function until a patch is applied.