CVE-2016-2213

MEDIUM

Ffmpeg < 2.8.5 - Memory Corruption

Title source: rule

Description

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

References (3)

[Patch] http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=0aada30510d809bccfd539a90ea37b61188f2cb4

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034923

[Third Party Advisory] https://security.gentoo.org/glsa/201606-09

Scores

CVSS v3 6.5

EPSS 0.0068

EPSS Percentile 71.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

ffmpeg/ffmpeg < 2.8.5

Timeline

Published Feb 03, 2016

Tracked Since Feb 18, 2026