libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
FFmpeg 0.4.4
FFmpeg 0.8.0
FFmpeg 0.4.5
FFmpeg 0.8.1
FFmpeg 0.4.6
FFmpeg 0.8.2
FFmpeg 0.4.7
FFmpeg 0.4.0
FFmpeg 0.4.2
FFmpeg 0.4.3
Ffmpeg Ffmpeg 2.2.4 (not an official CPE)
FFmpeg FFmpeg 0.9
FFmpeg 0.7
FFmpeg 0.5
Ffmpeg Ffmpeg 1.1.13 (not an official CPE)
FFmpeg 0.3
Ffmpeg Ffmpeg 1.1.12 (not an official CPE)
FFmpeg 0.6
Ffmpeg Ffmpeg 1.1.10 (not an official CPE)
Ffmpeg Ffmpeg 1.1.11 (not an official CPE)
FFmpeg 0.10
FFmpeg 0.11
FFmpeg 0.7.11
FFmpeg 0.7.12
FFmpeg 0.7.1
FFmpeg 0.7.2
FFmpeg 0.7.3
FFmpeg 0.7.4
FFmpeg 0.3.1
FFmpeg 0.3.2
FFmpeg 0.3.3
FFmpeg 0.3.4
FFmpeg 2.1.2
FFmpeg 2.1.3
FFmpeg 2.1.4
FFmpeg 1.0
FFmpeg 2.1.1
Ffmpeg Ffmpeg 2.1.5 (not an official CPE)
FFmpeg 0.8.5
FFmpeg 0.8.6
FFmpeg 1.1
FFmpeg 0.8.7
FFmpeg 1.2
FFmpeg 0.10.4
FFmpeg 0.10.3
FFmpeg 0.11.4
Ffmpeg Ffmpeg 1.2.5 (not an official CPE)
FFmpeg 1.2.1
Ffmpeg Ffmpeg 1.2.6 (not an official CPE)
Ffmpeg Ffmpeg 1.2.7 (not an official CPE)
Ffmpeg Ffmpeg 1.2.4 (not an official CPE)
FFmpeg 0.8.8
Ffmpeg Ffmpeg 1.2.3 (not an official CPE)
FFmpeg 0.4.8
FFmpeg 0.6.2
FFmpeg 0.6.3
FFmpeg 0.6.1
FFmpeg 2.0.1
FFmpeg 2.0.3
Ffmpeg Ffmpeg 2.0.4 (not an official CPE)
Ffmpeg Ffmpeg 2.0.5 (not an official CPE)
Ffmpeg Ffmpeg 2.4.1 (not an official CPE)
FFmpeg 2.0.2
FFmpeg 0.7.6
FFmpeg 0.4.9 pre1
FFmpeg 0.7.7
FFmpeg 0.8.5.4
FFmpeg 2.0
FFmpeg 0.7.8
FFmpeg 0.8.5.3
Ffmpeg Ffmpeg 2.3 (not an official CPE)
FFmpeg 2.1
Ffmpeg Ffmpeg 2.2 (not an official CPE)
FFmpeg 0.11.3
FFmpeg 0.11.2
FFmpeg 0.11.1
FFmpeg 0.5.4.5
FFmpeg 0.5.4.6
Ffmpeg Ffmpeg 2.4 (not an official CPE)
FFmpeg 1.0.1
FFmpeg 1.0.2
FFmpeg 1.0.4
FFmpeg 1.0.3
FFmpeg 0.8.10
Ffmpeg Ffmpeg 2.3.3 (not an official CPE)
FFmpeg 0.8.11
Ffmpeg Ffmpeg 2.3.4 (not an official CPE)
Ffmpeg Ffmpeg 2.3.2 (not an official CPE)
FFmpeg 0.5.2
FFmpeg 0.5.1
FFmpeg FFmpeg 0.9.1
FFmpeg 0.5.5
FFmpeg 0.5.4
FFmpeg 0.5.3
FFmpeg 0.7.5
FFmpeg 1.1.1
FFmpeg 1.1.4
FFmpeg 0.7.9
FFmpeg 1.1.3
FFmpeg 1.1.5
FFmpeg 1.1.8
FFmpeg 1.1.7
FFmpeg 1.1.2
Ffmpeg Ffmpeg 1.1.9 (not an official CPE)
FFmpeg 1.1.6
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| http://www.ffmpeg.org/security.html | |||
| http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9... | |||
| GLSA-201603-06 |