Your submission was sent successfully! Close

CVE-2018-7557

Published: 28 February 2018

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (7:3.4.4-0ubuntu0.18.04.1)
precise Does not exist

trusty Does not exist

upstream
Released (7:3.4.3-1)
xenial
Released (7:2.8.15-0ubuntu0.16.04.1)