CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
83.2%
Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in
FFmpeg before 0.9.1 allows remote attackers to cause a denial of service
(segmentation fault and application crash) via a crafted JPEG2000 image
that triggers an incorrect check for a negative value.
Author | Note |
---|---|
jdstrand | per upstream, j2k is marked as experimental |
mdeslaur | code not present in libav and ffmpeg 0.5.x |