CVE-2016-2330

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.6

Description The issue is related to a buffer size calculation error in the libavcodec/gif.c file, which can be exploited by remote attackers using a crafted .tga file. This exploitation is associated with the gif image write image, gif encode init, and gif encode close functions and may lead to a denial of service (out-of-bounds array access) or possibly other unspecified impacts.

Recommendations For FFmpeg versions prior to 2.8.6, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gif image write image, gif encode init, and gif encode close functions until a patch is applied. Avoid using these functions with untrusted .tga files to minimize the risk of exploitation.