The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ffmpeg | Ffmpeg | 2.0 | 2.0 |
Ffmpeg | Ffmpeg | 2.0.3 | 2.0.3 |
Ffmpeg | Ffmpeg | 2.0.2 | 2.0.2 |
Ffmpeg | Ffmpeg | * | 2.1.3 |
Ffmpeg | Ffmpeg | 2.0.1 | 2.0.1 |
Ffmpeg | Ffmpeg | 2.1.1 | 2.1.1 |
Ffmpeg | Ffmpeg | 2.1 | 2.1 |
Ffmpeg | Ffmpeg | 2.1.2 | 2.1.2 |