The smka_decode_frame function in libavcodec/smacker.c in FFmpeg prior to 2.6.5, 2.7.x prior to 2.7.3, and 2.8.x up to and including 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote malicious users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 12.04 |
||
ffmpeg ffmpeg 2.7.1 |
||
ffmpeg ffmpeg 2.7.0 |
||
ffmpeg ffmpeg 2.8.2 |
||
ffmpeg ffmpeg 2.8.1 |
||
ffmpeg ffmpeg 2.6.4 |
||
ffmpeg ffmpeg 2.7.2 |
||
ffmpeg ffmpeg 2.8.0 |