PT-2015-3157 · FFmpeg+1 · Ffmpeg+1

Published

2015-12-24

·

Updated

2024-06-15

·

CVE-2015-8661

CVSS v3.1

8.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.3
Description The issue is related to the h264 slice header init function in libavcodec/h264 slice.c, which does not properly validate the relationship between the number of threads and the number of slices. This can be exploited by remote attackers using crafted H.264 data, potentially leading to a denial of service due to out-of-bounds array access or other unspecified impacts.
Recommendations For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the h264 slice header init function until a patch is available.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2016-00373
CVE-2015-8661
DLA-1611-1
MGASA-2016-0018
OPENSUSE-SU-2016_0089-1
OPENSUSE-SU-2024:10243-1
OPENSUSE-SU-2024:10754-1

Affected Products

Ffmpeg
Suse