CVE-2016-2328

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.6

Description The issue is related to the libswscale/swscale unscaled.c file in FFmpeg, where certain height values are not validated, allowing remote attackers to cause a denial of service or possibly have other impacts via a crafted .cine file. This is related to the bayer to rgb24 wrapper and bayer to yv12 wrapper functions. The vulnerability can be exploited to cause an out-of-bounds array read access.

Recommendations For versions prior to 2.8.6, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bayer to rgb24 wrapper and bayer to yv12 wrapper functions until a patch is available. Avoid using crafted .cine files that could exploit this issue.