The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg prior to 2.6.5, 2.7.x prior to 2.7.3, and 2.8.x up to and including 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote malicious users to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg 2.7.1 |
||
ffmpeg ffmpeg 2.7.0 |
||
ffmpeg ffmpeg 2.8.2 |
||
ffmpeg ffmpeg 2.8.1 |
||
ffmpeg ffmpeg 2.6.4 |
||
ffmpeg ffmpeg 2.7.2 |
||
ffmpeg ffmpeg 2.8.0 |