CVE-2018-7557

Published: Feb 28, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96

x_refsource_CONFIRM

DSA-4249

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update

mailing-list

x_refsource_MLIST

GLSA-202003-65

vendor-advisory

x_refsource_GENTOO

https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-7557

Description

Affected Products

References