Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8216

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Related bugs and status

CVE-2015-8216 (Candidate) is related to these bugs:

Bug #1518549: FFmpeg security fixes November 2015

Summary				In	Importance	Status
	1518549	FFmpeg security fixes November 2015		ffmpeg (Ubuntu)	Medium	Fix Released

Bug #1523692: FFmpeg security fixes December 2015

Summary				In	Importance	Status
	1523692	FFmpeg security fixes December 2015		ffmpeg (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
SUSE: openSUSE-SU-2015:2120
MLIST: [debian-lts-announce] ...