CVE-2015-8364 - OpenCVE

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Ffmpeg	Ffmpeg

Configuration 1 [-]

OR	cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:::::::*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

References

Link	Resource
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
http://www.ubuntu.com/usn/USN-2944-1
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-26T17:00:00

Updated: 2018-12-21T10:57:01

Reserved: 2015-11-26T00:00:00

Link: CVE-2015-8364

JSON object: View

NVD Information

Status : Modified

Published: 2015-11-26T17:59:01.823

Modified: 2023-11-07T02:28:23.877

Link: CVE-2015-8364

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-21T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066"}, {"name": "openSUSE-SU-2015:2370", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html"}, {"name": "USN-2944-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2944-1"}, {"name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066"}, {"name": "openSUSE-SU-2015:2370", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html"}, {"name": "USN-2944-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2944-1"}, {"name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8364", "datePublished": "2015-11-26T17:00:00", "dateReserved": "2015-11-26T00:00:00", "dateUpdated": "2018-12-21T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84614-E84C-496D-933C-5BEFD385451B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA690A40-7E16-4E19-9A8E-CC2B41C58921", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D3F7BF7-D609-44B1-9536-4A07DC149824", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBD5E478-1654-4A75-904D-8453DDC680A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E263E4FD-B683-4233-AFDC-07C72DDA80DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA3F5FAA-AD9E-4FC1-B91C-E9A561E95173", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A269C0-FE0F-4178-8195-955D373D9055", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n ff_ivi_init_planes en libavcodec/ivi.c en FFmpeg en versiones anteriores a 2.6.5, 2.7.x en versiones anteriores a 2.7.3 y 2.8.x hasta la versi\u00f3n 2.8.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a memoria din\u00e1mica fuera de rango) o posiblemente tener otro impacto no especificado a trav\u00e9s de dimensiones de imagen manipuladas en datos de Indeo Video Interactive."}], "id": "CVE-2015-8364", "lastModified": "2023-11-07T02:28:23.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-11-26T17:59:01.823", "references": [{"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2944-1"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}