CVE-2018-7557

Name
CVE-2018-7557
Description
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
NVD Severity
medium

References

Type                  URI
Patch                 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
Third Party Advisory  https://www.debian.org/security/2018/dsa-4249
Mailing List          https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html
GENTOO                https://security.gentoo.org/glsa/202003-65
MISC                  https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae

Match rules

CPE URI                                  Source package  Min version  Max version
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*  ffmpeg          >= None      <= 3.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status