CVE-2015-8661

High CVSS 8.3

Overview

The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.

CWE: CWE-119 Published: 2015-12-24T01:59:04.020

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.3 (HIGH)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags