FFmpeg ff_dwt_decode Function Denial of Service Vulnerability (CVE-2015-8662)

FFmpeg ff_dwt_decode Function Denial of Service Vulnerability (CVE-2015-8662)
FFmpeg ff_dwt_decode Function Denial of Service Vulnerability (CVE-2015-8662)

Release date:
Updated on:

Affected Systems:

FFmpeg <2.8.4

Description:

CVE (CAN) ID: CVE-2015-8662

FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video.

In versions earlier than FFmpeg 2.8.4, libavcodec/00002000dwt. in c, the function ff_dwt_decode decoding Discrete Wavelet Transform has not verified the number of decomposition layers. Remote attackers can exploit this vulnerability to cause DoS (out-of-bounds array access) by constructing JPEG 2000 data ).

<* Source: FFmpeg
*>

Suggestion:

Vendor patch:

FFmpeg
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://git.videolan.org /? P = ffmpeg. git; a = commit; h = 75422280fbcdfbe9dc56bde5525b4d8b280f1bc5

Compile FFmpeg in Linux to download and compile the source file

Linux compiling and upgrading FFmpeg

Install FFMPEG on CentOS 5.6

Install FFmpeg in Ubuntu

Compile ffmpeg in Ubuntu 12.04

Install FFmpeg 2.2.2 In PPA in Ubuntu 14.04

FFmpeg details: click here
FFmpeg: click here

This article permanently updates the link address: