Description
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-06
Vendor Advisory x_refsource_confirm
https://www.ffmpeg.org/security.html
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1d3a3b9f8907625b361420d48fe05716859620ff
Scores
EPSS
0.0102
EPSS Percentile
77.5%
Details
CWE
CWE-119
Status
published
Products (12)
ffmpeg/ffmpeg
2.2
ffmpeg/ffmpeg
2.2.4
ffmpeg/ffmpeg
2.3
ffmpeg/ffmpeg
2.3.2
ffmpeg/ffmpeg
2.3.3
ffmpeg/ffmpeg
2.3.4
ffmpeg/ffmpeg
2.3.5
ffmpeg/ffmpeg
2.4
ffmpeg/ffmpeg
2.4.1
ffmpeg/ffmpeg
2.4.2
... and 2 more
Published
Dec 09, 2014
Tracked Since
Feb 18, 2026