CVE-2015-8217 in FFmpeginfo

Summary

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/16/2015

Disclosure

11/16/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
79225	FFmpeg Chroma Format Indicator hevc_ps.c ff_hevc_parse_sps input validation	20	Not defined	Official fix	CVE-2015-8217

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!