The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 does not exclude the CHUNKY format, which allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ffmpeg ffmpeg 2.8.3 |
||
ffmpeg ffmpeg 2.8.4 |
||
ffmpeg ffmpeg 2.8.5 |
||
ffmpeg ffmpeg 2.8.6 |
||
ffmpeg ffmpeg 3.1.3 |
||
ffmpeg ffmpeg 3.1.4 |
||
ffmpeg ffmpeg 3.1.5 |
||
ffmpeg ffmpeg 3.2 |
||
ffmpeg ffmpeg 3.1.6 |
||
ffmpeg ffmpeg 3.1.7 |
||
ffmpeg ffmpeg 3.0.5 |
||
ffmpeg ffmpeg 3.0.6 |
||
ffmpeg ffmpeg 3.0 |
||
ffmpeg ffmpeg 3.0.1 |
||
ffmpeg ffmpeg 3.0.2 |
||
ffmpeg ffmpeg 3.0.3 |
||
ffmpeg ffmpeg 3.2.2 |
||
ffmpeg ffmpeg 3.2.4 |
||
ffmpeg ffmpeg 3.0.7 |
||
ffmpeg ffmpeg 2.8.1 |
||
ffmpeg ffmpeg 2.8.8 |
||
ffmpeg ffmpeg 2.8.11 |
||
ffmpeg ffmpeg 3.1 |
||
ffmpeg ffmpeg 3.1.2 |
||
ffmpeg ffmpeg 3.2.1 |
||
ffmpeg ffmpeg 3.3 |
||
ffmpeg ffmpeg 3.2.3 |
||
ffmpeg ffmpeg 2.8 |
||
ffmpeg ffmpeg 2.8.2 |
||
ffmpeg ffmpeg 2.8.7 |
||
ffmpeg ffmpeg 2.8.10 |
||
ffmpeg ffmpeg 2.8.9 |
||
ffmpeg ffmpeg 3.0.4 |
||
ffmpeg ffmpeg 3.1.1 |
Vulmon