Bugzilla – Bug 955346
VUL-0: CVE-2015-8216: ffmpeg: The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before2.8.2 omits certain wid...
Last modified: 2018-07-18 14:43:05 UTC
opensuse only: CVE-2015-8216 The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8216 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a
how come I'm the ffmpeg maintainer now? according to osc it's Jan
This is an autogenerated message for OBS integration: This bug (955346) was mentioned in https://build.opensuse.org/request/show/344949 Leap:42.1 / ffmpeg
bugbot adjusting priority
.changes fix: https://build.opensuse.org/request/show/345017
This is an autogenerated message for OBS integration: This bug (955346) was mentioned in https://build.opensuse.org/request/show/345018 Leap:42.1 / ffmpeg
Update released for 42.1 and checked in into Factory. Resolved fixed.
openSUSE-SU-2015:2120-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 955346,955347,955348,955350 CVE References: CVE-2015-8216,CVE-2015-8217,CVE-2015-8218,CVE-2015-8219 Sources used: openSUSE Leap 42.1 (src): ffmpeg-2.8.2-3.1
This is an autogenerated message for OBS integration: This bug (955346) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq