CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
57.2%
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of
service (application crash) via a crafted GIF file, possibly related to
gstreamer, as demonstrated by lol-giftopnm.gif.
Author | Note |
---|---|
mdeslaur | Reproducer is here: http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif?format=raw This is just a dos, and upstream fixed this by removing the gif demuxer which would cause a regression for a stable release, so I opt to not fix this… |