Skip to main content

DEPRECATED: Code

CVE-2015-8216

Severity High
Score 8.8/10

Summary

The "ljpeg_decode_yuv_scan" function in "libavcodec/mjpegdec.c" in FFmpeg before 2.4.12, 2.5.x before 2.5.9, 2.6.x before 2.6.5, 2.7.x before 2.7.3, 2.8.x before 2.8.2, 2.9-dev omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-17 - DEPRECATED: Code

This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Advisory Timeline

  • Published