Upstream information
Description
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 6.8 |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
- openSUSE-SU-2015:2370-1, published Sun, 27 Dec 2015 01:11:59 +0100 (CET)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 |
| |
SUSE Linux Enterprise Module for Desktop Applications 15 SP2 |
| |
SUSE Linux Enterprise Module for Desktop Applications 15 |
| |
SUSE Linux Enterprise Workstation Extension 15 SP1 |
| |
SUSE Linux Enterprise Workstation Extension 15 SP2 |
| |
SUSE Linux Enterprise Workstation Extension 15 |
| |
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA libavcodec57 |
openSUSE Leap 42.1 |
| Patchnames: openSUSE-2015-963 |
openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA libavcodec57 |
openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA libavcodec57 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA ffmpeg |