FFmpeg jpeg2000_decode_tile() Array Access Error Lets Remote Users Cause the Target Service to Crash
|
SecurityTracker Alert ID: 1034923 |
SecurityTracker URL: http://securitytracker.com/id/1034923
|
CVE Reference:
CVE-2016-2213
(Links to External Site)
|
Date: Feb 3 2016
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.8.6
|
Description:
A vulnerability was reported in FFmpeg. A remote user can cause the target service to crash.
A remote user can create a specially crafted JPEG 2000 file that, when processed by the target application, will trigger an out-of-bounds array read access error and cause the target application to crash.
The vulnerability resides in the jpeg2000_decode_tile() function in 'libavcodec/jpeg2000dec.c'.
|
Impact:
A remote user can cause the target application to crash.
|
Solution:
The vendor has issued a source code fix, available at:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
|
Vendor URL: ffmpeg.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|