CVE-2015-8364 | Vulnerability Database | Aqua Security

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

Affected Software

Name	Vendor	Start Version	End Version
Ffmpeg	Ffmpeg	2.6.4 (including)	2.6.4 (including)
Ffmpeg	Ffmpeg	2.7.0 (including)	2.7.0 (including)
Ffmpeg	Ffmpeg	2.7.1 (including)	2.7.1 (including)
Ffmpeg	Ffmpeg	2.7.2 (including)	2.7.2 (including)
Ffmpeg	Ffmpeg	2.8.0 (including)	2.8.0 (including)
Ffmpeg	Ffmpeg	2.8.1 (including)	2.8.1 (including)
Ffmpeg	Ffmpeg	2.8.2 (including)	2.8.2 (including)

References

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
http://www.ubuntu.com/usn/USN-2944-1
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-8364
CWE	https://cwe.mitre.org/data/definitions/189.html