CVE-2015-8661

Priority
Description
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg
before 2.8.3 does not validate the relationship between the number of
threads and the number of slices, which allows remote attackers to cause a
denial of service (out-of-bounds array access) or possibly have unspecified
other impact via crafted H.264 data.
Package
Upstream:released (2.7.4,2.5.9)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (7:2.8.4-1ubuntu1)
Patches:
Upstream:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
Package
Source: libav (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-03-19 12:24:12 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)