Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8219

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

Related bugs and status

CVE-2015-8219 (Candidate) is related to these bugs:

Bug #1518549: FFmpeg security fixes November 2015

Summary				In	Importance	Status
	1518549	FFmpeg security fixes November 2015		ffmpeg (Ubuntu)	Medium	Fix Released

Bug #1523692: FFmpeg security fixes December 2015

Summary				In	Importance	Status
	1523692	FFmpeg security fixes December 2015		ffmpeg (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
SUSE: openSUSE-SU-2015:2120