Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.006 Low |
EPSS percentile | 79.1% |

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before
2.5.4 does not validate the number of components in a JPEG-LS Start Of
Frame segment, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Motion JPEG data.
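
The class of check described above, as an added example (not FFmpeg's code or its patch): a Start Of Frame parser that bounds the file-supplied component count before it indexes fixed-size tables. `MAX_COMPONENTS`, the struct, the function name and the error codes are assumptions of this sketch, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_COMPONENTS 4 /* assumed capacity of the per-component tables */
enum { SOF_OK = 0, SOF_TRUNCATED = -1, SOF_BAD_NF = -2, SOF_BAD_LEN = -3 };

struct sof_info {
    int precision, width, height, nb_components;
    uint8_t id[MAX_COMPONENTS], h[MAX_COMPONENTS], v[MAX_COMPONENTS];
};

/* Constructed samples: SOF payloads starting at the 2-byte length field. */
static const uint8_t sof_ok[17] = { 0x00,0x11, 8, 0x00,0x10, 0x00,0x20, 3,
    1,0x11,0, 2,0x11,0, 3,0x11,0 };
static const uint8_t sof_five[23] = { 0x00,0x17, 8, 0x00,0x10, 0x00,0x20, 5,
    1,0x11,0, 2,0x11,0, 3,0x11,0, 4,0x11,0, 5,0x11,0 };

/* Layout: Lf(2) P(1) Y(2) X(2) Nf(1), then Nf entries of C(1) H|V(1) Tq(1). */
int parse_sof(const uint8_t *buf, size_t len, struct sof_info *out)
{
    if (len < 8)
        return SOF_TRUNCATED;
    size_t lf = ((size_t)buf[0] << 8) | buf[1], nf = buf[7];
    if (lf > len)
        return SOF_TRUNCATED;
    /* Nf comes from the file: bound it before it indexes any fixed array. */
    if (nf < 1 || nf > MAX_COMPONENTS)
        return SOF_BAD_NF;
    if (lf != 8 + 3 * nf)
        return SOF_BAD_LEN;
    out->precision = buf[2];
    out->height = (buf[3] << 8) | buf[4];
    out->width = (buf[5] << 8) | buf[6];
    out->nb_components = (int)nf;
    for (size_t i = 0; i < nf; i++) {
        const uint8_t *c = buf + 8 + 3 * i;
        out->id[i] = c[0];
        out->h[i] = c[1] >> 4;
        out->v[i] = c[1] & 15;
    }
    return SOF_OK;
}

int main(void)
{
    struct sof_info s;
    printf("%d %d\n", parse_sof(sof_ok, sizeof sof_ok, &s), parse_sof(sof_five, sizeof sof_five, &s));
    return 0;
}
```

The five-component sample has a self-consistent length field, so only the component-count check rejects it; without that check the loop would write past the end of the four-entry arrays.
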
Author | Note |
---|---|
mdeslaur | as of 2016-03-11, doesn’t look fixed in libav |
ebarretto | as of 2018-09-27, the fix is only available in libav 0.8.x; the fix was not backported or applied to any other version, so considered ignored for trusty’s version. |