CVE-2016-2330

Published: 12 February 2016

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package / Release / Status

ffmpeg (Launchpad, Ubuntu, Debian)
  artful    Released (7:2.8.6-1ubuntu1)
  bionic    Released (7:2.8.6-1ubuntu1)
  precise   Does not exist
  trusty    Does not exist
  upstream  Needs triage
  wily      Ignored (reached end-of-life)
  xenial    Released (7:2.8.6-1ubuntu1)
  yakkety   Released (7:2.8.6-1ubuntu1)
  zesty     Released (7:2.8.6-1ubuntu1)

libav (Launchpad, Ubuntu, Debian)
  artful    Does not exist
  bionic    Does not exist
  precise   Does not exist (precise was released [4:0.8.17-0ubuntu0.12.04.2])
  trusty    Does not exist (trusty was not-affected)
  upstream  Needs triage
  wily      Does not exist
  xenial    Does not exist
  yakkety   Does not exist
  zesty     Does not exist

Notes

Author / Note

  mdeslaur   as of 2016-03-31, no equivalent fix in libav
  ebarretto  libav not affected according to upstream