Numeric Errors

CVE-2015-8364

High

7.3/10

Summary

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg 0.6 before 2.4.12, 2.5.x before 2.5.9, 2.6.x before 2.6.5, 2.7.x before 2.7.3, and 2.8.x before 2.8.3, 2.9-dev allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

References

Release Note
Advisory
Advisory

Advisory Timeline

Published Nov 26, 2015

Numeric Errors

CVE-2015-8364

Summary

CWE-189 - Numeric Errors

References

Advisory Timeline

CuteBoi

DustiLock

ChainAlert