6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.3%
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in
FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows
remote attackers to cause a denial of service (out-of-bounds heap-memory
access) or possibly have unspecified other impact via crafted image
dimensions in Indeo Video Interactive data.
Author | Note |
---|---|
mdeslaur | no equivalent fix in libav as of 2016-03-31 in precise, code is in ivi_common.c |
ebarretto | as of 2018-09-27, no equivalent fix in libav |