Описание
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | compiled with `--with-system-libav` |
| cosmic | not-affected | compiled with `--with-system-libav` |
| devel | not-affected | compiled with `--with-system-libav` |
| disco | not-affected | compiled with `--with-system-libav` |
| eoan | not-affected | compiled with `--with-system-libav` |
| esm-apps/bionic | not-affected | compiled with `--with-system-libav` |
| esm-apps/focal | not-affected | compiled with `--with-system-libav` |
| esm-apps/jammy | not-affected | compiled with `--with-system-libav` |
| esm-apps/noble | not-affected | compiled with `--with-system-libav` |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/xenial | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg be ...
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
Уязвимость мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2