VDB

GCVE-110-MAGEIA-2016-18

GCVE-110-MAGEIA-2016-18
Advisory Published
Vulnetix · Advisory published January 15, 2016
The update_dimensions function in libavcodec/vp8.c in FFmpeg before 2.4.12, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file (CVE-2015-6761). The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.4.11 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks (CVE-2015-6818). The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.4.11 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data (CVE-2015-6820). The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.4.11 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data (CVE-2015-6821). The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.4.11 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data (CVE-2015-6822). The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.4.11 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data (CVE-2015-6823). The sws_init_context function in libswscale/utils.c in FFmpeg before 2.4.11 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data (CVE-2015-6824). The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.4.11 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file (CVE-2015-6825). The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.4.11 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted RV30 or RV40 RealVideo data (CVE-2015-6826). The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.4.12 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data (CVE-2015-8216). The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.4.12 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data (CVE-2015-8219). The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.4.12 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers (CVE-2015-8363). Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.4.12 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data (CVE-2015-8364). The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.4.12 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data (CVE-2015-8365). The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.4.12 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data (CVE-2015-8661). The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.4.12 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data (CVE-2015-8662). The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.4.12 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file (CVE-2015-8663).

Affected Products

VendorProductVersionsPlatforms
Mageiaffmpeg0 (affected), 2.4.12-1.mga5 (unaffected), 0 (affected), 2.4.12-1.mga5.tainted (unaffected), 0 (affected), 0 (affected), 2.4.12-1.mga5.tainted (unaffected), 2.4.12-1.mga5 (unaffected)
Mageiasqliteman0 (affected), 1.2.2-4.1.mga5 (unaffected)

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›