FFmpeg hsf-_slice_header_init Function Denial of Service Vulnerability (CVE-2015-8661)

FFmpeg hsf-_slice_header_init Function Denial of Service Vulnerability (CVE-2015-8661)
FFmpeg hsf-_slice_header_init Function Denial of Service Vulnerability (CVE-2015-8661)

Release date:
Updated on:

Affected Systems:

FFmpeg <2.8.4

Description:

CVE (CAN) ID: CVE-2015-8661

FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video.

In versions earlier than FFmpeg 2.8.3, The hsf-_slice_header_init function in libavcodec/hsf-_slice.c does not verify the relationship between the number of threads and the number of program slices. Remote attackers construct the H. 264 data. This vulnerability can cause DoS (out-of-bounds array access ).

<* Source: FFmpeg
*>

Suggestion:

Vendor patch:

FFmpeg
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://git.videolan.org /? P = ffmpeg. git; a = commit; h = 4ea4d2f438c9a7eba41080c9a87be4b34943e4d5

Compile FFmpeg in Linux to download and compile the source file

Linux compiling and upgrading FFmpeg

Install FFMPEG on CentOS 5.6

Install FFmpeg in Ubuntu

Compile ffmpeg in Ubuntu 12.04

Install FFmpeg 2.2.2 In PPA in Ubuntu 14.04

FFmpeg details: click here
FFmpeg: click here

This article permanently updates the link address: