The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
References
Link | Resource |
---|---|
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96 | Patch Vendor Advisory |
https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202003-65 | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4249 | Third Party Advisory |
Configurations
History
07 Oct 2022, 02:10
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202003-65 - Third Party Advisory | |
References | (MISC) https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae - Patch, Third Party Advisory |
04 Jan 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. |
Information
Published : 2018-02-28 07:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-7557
Mitre link : CVE-2018-7557
CVE.ORG link : CVE-2018-7557
JSON object : View
Products Affected
debian
- debian_linux
ffmpeg
- ffmpeg
CWE
CWE-125
Out-of-bounds Read