Description
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
A flaw was found in FFmpeg, an open-source multimedia framework. This vulnerability is an integer overflow within the yuv2ya16_X_c_template function. A remote attacker could exploit this by providing a specially crafted input, leading to a denial of service (DoS), which means the affected system or application would become unavailable.
Report
This vulnerability is rated Important for Red Hat products. An integer overflow in FFmpeg's yuv2ya16_X_c_template function can be exploited by a remote attacker providing specially crafted input, leading to a denial of service. This impacts components like ffmpeg, qt5-qtwebengine, and qt6-qtwebengine in Red Hat Community Projects and Red Hat Enterprise Linux AI.
Mitigation
To mitigate this issue, users should avoid processing untrusted or specially crafted media files with applications that utilize FFmpeg. Limiting the exposure of applications using FFmpeg to untrusted input can reduce the risk of a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux AI (RHEL AI) 3 | ffmpeg | Out of support scope | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.