CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
72.4%
Multiple integer overflows in the process_frame_obj function in
libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an
unspecified impact via crafted image dimensions in LucasArts Smush video
data, which triggers an out-of-bounds array access.
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package |