CVE-2015-8364

Published: Nov 26, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

Affected (8)

Products: Ffmpeg: Ffmpeg · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Version 2.6.4
Ffmpeg Ffmpeg	Version 2.7.0
Ffmpeg Ffmpeg	Version 2.7.1
Ffmpeg Ffmpeg	Version 2.7.2
Ffmpeg Ffmpeg	Version 2.8.0
Ffmpeg Ffmpeg	Version 2.8.1
Ffmpeg Ffmpeg	Version 2.8.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Related CWEs

References (8)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2944-1

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

Source: cve@mitre.org

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2944-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.