2015-01-16 21:59:00 2016-12-03 04:02:07

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL