Your submission was sent successfully! Close

CVE-2018-7557

Published: 28 February 2018

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
Upstream
Released (7:3.4.3-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (7:3.4.4-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (7:2.8.15-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist