FFmpeg decode_ihdr_chunk DoS Vulnerability (CVE-2015-6818)
FFmpeg decode_ihdr_chunk DoS Vulnerability (CVE-2015-6818)
Release date:
Updated on:
Affected Systems:
FFmpeg FFmpeg < 2.7.2
Description:
CVE (CAN) ID: CVE-2015-6818
FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video.
Versions earlier than FFmpeg 2.7.2, libavcodec/pngdec. c's decode_ihdr_chunk function does not implement the uniqueness of IHDR blocks in PNG images. This allows remote attackers to construct images with two or more IHDR blocks, this vulnerability causes Denial of Service (out-of-bounds array access ).
<* Source: Mateusz "j00ru" Jurczyk
Gynvael Coldwind
Samuel Gro & #223;
*>
Suggestion:
Vendor patch:
FFmpeg
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.videolan.org /? P = ffmpeg. git; a = commit; h = 47f4e2d8960ca756ca153ab8e3e93d80449b8c91
Compile FFmpeg in Linux to download and compile the source file
Linux compiling and upgrading FFmpeg
Install FFMPEG on CentOS 5.6
Install FFmpeg in Ubuntu
Compile ffmpeg in Ubuntu 12.04
Install FFmpeg 2.2.2 In PPA in Ubuntu 14.04
FFmpeg details: click here
FFmpeg: click here
This article permanently updates the link address: