CVE-2016-2329

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.6

Description The issue is related to the improper validation of RowsPerStrip values and YCbCr chrominance subsampling factors in the libavcodec/tiff.c file. This can be exploited by remote attackers using a crafted TIFF file, potentially leading to a denial of service (out-of-bounds array access) or other unspecified impacts. The functions tiff decode tag and decode frame are involved in this issue.

Recommendations For versions prior to 2.8.6, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libavcodec/tiff.c module to minimize the risk of exploitation. Avoid using the affected functions, such as tiff decode tag and decode frame, until the issue is resolved.