Numeric Errors
CVE-2014-8549
Summary
The "libavcodec/on2avc.c" file in FFmpeg prior to 2.3.5, 2.4.x prior to 2.4.2, and 2.5-dev does not constrain the number of channels to at most 2, which allows remote attackers to cause a Denial of Service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-189 - Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
References
Advisory Timeline
- Published