Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
FFmpeg 0.7.5
FFmpeg 0.7.1
FFmpeg 0.5.3
FFmpeg 0.7.2
FFmpeg 0.5.4
FFmpeg FFmpeg 0.9.1
FFmpeg 0.7.3
FFmpeg 0.7.4
FFmpeg 0.3.1
FFmpeg 0.3.2
FFmpeg 0.5.1
FFmpeg 0.3.3
FFmpeg 0.5.2
FFmpeg 0.3.4
FFmpeg 1.0
FFmpeg 0.8.11
FFmpeg 0.8.5
FFmpeg 0.8.6
FFmpeg 0.8.7
FFmpeg 0.8.10
FFmpeg 0.10.4
FFmpeg 0.10.3
FFmpeg 0.8.8
FFmpeg 0.4.8
FFmpeg 0.8.0
FFmpeg 0.6.2
FFmpeg 0.4.4
FFmpeg 0.8.1
FFmpeg 0.6.3
FFmpeg 0.4.5
FFmpeg 0.8.2
FFmpeg 0.4.6
FFmpeg 0.4.7
FFmpeg 0.4.0
FFmpeg 0.4.2
FFmpeg 0.6.1
FFmpeg 0.4.3
FFmpeg FFmpeg 0.9
FFmpeg 0.7.6
FFmpeg 0.8.5.4
FFmpeg 0.7.7
FFmpeg 0.4.9 pre1
FFmpeg 0.8.5.3
FFmpeg 0.7.8
FFmpeg 0.7
FFmpeg 0.5
FFmpeg 0.3
FFmpeg 0.5.4.5
FFmpeg 0.5.4.6
FFmpeg 0.6
FFmpeg 0.7.12
FFmpeg 0.7.11
FFmpeg 1.1.1
FFmpeg 0.7.9
FFmpeg 0.11
FFmpeg 0.10
FFmpeg 1.1.2
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| http://www.ffmpeg.org/security.html | |||
| http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=526... | |||
| GLSA-201603-06 |