Your submission was sent successfully! Close

CVE-2016-2326

Published: 12 February 2016

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

From the Ubuntu security team

It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
artful
Released (7:2.8.6-1ubuntu1)
bionic
Released (7:2.8.6-1ubuntu1)
cosmic
Released (7:2.8.6-1ubuntu1)
disco
Released (7:2.8.6-1ubuntu1)
precise Does not exist

trusty Does not exist

upstream Needs triage

wily Ignored
(reached end-of-life)
xenial
Released (7:2.8.6-1ubuntu1)
yakkety
Released (7:2.8.6-1ubuntu1)
zesty
Released (7:2.8.6-1ubuntu1)
libav
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was released [4:0.8.17-0ubuntu0.12.04.2])
trusty Does not exist
(trusty was needed)
upstream Needs triage

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist