PT-2015-3158 · FFmpeg+1 · Ffmpeg+1
Published: 2015-12-24 · Updated: 2018-12-21
CVE-2015-8662
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FFmpeg versions prior to 2.8.4
Description
The issue arises from the ff_dwt_decode function in libavcodec/jpeg2000dwt.c not validating the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding. This allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
Recommendations
For versions prior to 2.8.4, update to version 2.8.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ff_dwt_decode function until a patch is available. Avoid using crafted JPEG 2000 data that could exploit this issue.
Fix
DoS
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Ffmpeg
Suse