Lucene search

PRIOn knowledge basePRION:CVE-2015-8363

HistoryNov 26, 2015 - 5:59 p.m.

Design/Logic Flaw

2015-11-2617:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.

CPENameOperatorVersion
ffmpegeq2.7.1
ffmpegeq2.7.0
ffmpegeq2.8.2
ffmpegeq2.8.1
ffmpegeq2.6.4
ffmpegeq2.7.2
ffmpegeq2.8.0

Name	Operator	Version
ffmpeg	eq	2.7.1
ffmpeg	eq	2.7.0
ffmpeg	eq	2.8.2
ffmpeg	eq	2.8.1
ffmpeg	eq	2.6.4
ffmpeg	eq	2.7.2
ffmpeg	eq	2.8.0

References

git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2

lists.opensuse.org/opensuse-updates/2015-12/msg00118.html

lists.debian.org/debian-lts-announce/2018/12/msg00009.html

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for PRION:CVE-2015-8363