CVE-2015-8218 - OpenCVE

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-17T01:00:00

Updated: 2016-12-05T20:57:01

Reserved: 2015-11-16T00:00:00

Link: CVE-2015-8218

JSON object: View

NVD Information

Status : Modified

Published: 2015-11-17T01:59:02.730

Modified: 2023-11-07T02:28:20.510

Link: CVE-2015-8218

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2015:2120", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8218", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html"}, {"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8218", "datePublished": "2015-11-17T01:00:00", "dateReserved": "2015-11-16T00:00:00", "dateUpdated": "2016-12-05T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}