Описание
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ffmpeg | fixed | 7:2.8.2-1 | package | |
| ffmpeg | not-affected | squeeze | package | |
| libav | not-affected | package |
Примечания
https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
Vulnerability affects G3{1, 2}D code extensions feature, which is not present
in libav 0.8 and 9. branches: https://lists.debian.org/debian-lts/2017/12/msg00011.html
11.x features G3 support, but the vulnerable code was introduced later
EPSS
Связанные уязвимости
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
Уязвимость мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании
EPSS