libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
FFmpeg 0.4.4
FFmpeg 0.8.0
FFmpeg 0.4.5
FFmpeg 0.8.1
FFmpeg 0.4.6
FFmpeg 0.8.2
FFmpeg 0.4.7
FFmpeg 0.4.0
FFmpeg 0.4.2
FFmpeg 0.4.3
Ffmpeg Ffmpeg 2.2.4 (not an official CPE)
FFmpeg FFmpeg 0.9
FFmpeg 0.7
FFmpeg 0.5
Ffmpeg Ffmpeg 1.1.13 (not an official CPE)
FFmpeg 0.3
Ffmpeg Ffmpeg 1.1.12 (not an official CPE)
FFmpeg 0.6
Ffmpeg Ffmpeg 1.1.10 (not an official CPE)
Ffmpeg Ffmpeg 1.1.11 (not an official CPE)
FFmpeg 0.10
FFmpeg 0.11
FFmpeg 0.7.11
FFmpeg 0.7.12
FFmpeg 0.7.1
FFmpeg 0.7.2
FFmpeg 0.7.3
FFmpeg 0.7.4
FFmpeg 0.3.1
FFmpeg 0.3.2
FFmpeg 0.3.3
FFmpeg 0.3.4
FFmpeg 2.1.2
FFmpeg 2.1.3
FFmpeg 2.1.4
FFmpeg 1.0
FFmpeg 2.1.1
Ffmpeg Ffmpeg 2.1.5 (not an official CPE)
FFmpeg 0.8.5
FFmpeg 0.8.6
FFmpeg 1.1
FFmpeg 0.8.7
FFmpeg 1.2
FFmpeg 0.10.4
FFmpeg 0.10.3
FFmpeg 0.11.4
Ffmpeg Ffmpeg 1.2.5 (not an official CPE)
FFmpeg 1.2.1
Ffmpeg Ffmpeg 1.2.6 (not an official CPE)
Ffmpeg Ffmpeg 1.2.7 (not an official CPE)
Ffmpeg Ffmpeg 1.2.4 (not an official CPE)
FFmpeg 0.8.8
Ffmpeg Ffmpeg 1.2.3 (not an official CPE)
FFmpeg 0.4.8
FFmpeg 0.6.2
FFmpeg 0.6.3
FFmpeg 0.6.1
FFmpeg 2.0.1
FFmpeg 2.0.3
Ffmpeg Ffmpeg 2.0.4 (not an official CPE)
Ffmpeg Ffmpeg 2.0.5 (not an official CPE)
Ffmpeg Ffmpeg 2.4.1 (not an official CPE)
FFmpeg 2.0.2
FFmpeg 0.7.6
FFmpeg 0.4.9 pre1
FFmpeg 0.7.7
FFmpeg 0.8.5.4
FFmpeg 2.0
FFmpeg 0.7.8
FFmpeg 0.8.5.3
Ffmpeg Ffmpeg 2.3 (not an official CPE)
FFmpeg 2.1
Ffmpeg Ffmpeg 2.2 (not an official CPE)
FFmpeg 0.11.3
FFmpeg 0.11.2
FFmpeg 0.11.1
FFmpeg 0.5.4.5
FFmpeg 0.5.4.6
Ffmpeg Ffmpeg 2.4 (not an official CPE)
FFmpeg 1.0.1
FFmpeg 1.0.2
FFmpeg 1.0.4
FFmpeg 1.0.3
FFmpeg 0.8.10
Ffmpeg Ffmpeg 2.3.3 (not an official CPE)
FFmpeg 0.8.11
Ffmpeg Ffmpeg 2.3.4 (not an official CPE)
Ffmpeg Ffmpeg 2.3.2 (not an official CPE)
FFmpeg 0.5.2
FFmpeg 0.5.1
FFmpeg FFmpeg 0.9.1
FFmpeg 0.5.5
FFmpeg 0.5.4
FFmpeg 0.5.3
FFmpeg 0.7.5
FFmpeg 1.1.1
FFmpeg 1.1.4
FFmpeg 0.7.9
FFmpeg 1.1.3
FFmpeg 1.1.5
FFmpeg 1.1.8
FFmpeg 1.1.7
FFmpeg 1.1.2
Ffmpeg Ffmpeg 1.1.9 (not an official CPE)
FFmpeg 1.1.6
Advisory | Patch | Confirmed | Link |
---|---|---|---|
http://www.ffmpeg.org/security.html | |||
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745... | |||
GLSA-201603-06 |