The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ffmpeg | Ffmpeg | * | 2.1.3 (including) |
| Ffmpeg | Ffmpeg | 2.0 (including) | 2.0 (including) |
| Ffmpeg | Ffmpeg | 2.0.1 (including) | 2.0.1 (including) |
| Ffmpeg | Ffmpeg | 2.0.2 (including) | 2.0.2 (including) |
| Ffmpeg | Ffmpeg | 2.0.3 (including) | 2.0.3 (including) |
| Ffmpeg | Ffmpeg | 2.1 (including) | 2.1 (including) |
| Ffmpeg | Ffmpeg | 2.1.1 (including) | 2.1.1 (including) |
| Ffmpeg | Ffmpeg | 2.1.2 (including) | 2.1.2 (including) |
| Ffmpeg | Ubuntu | lucid | * |