CVE-2015-6822

EPSS 0.89%

libav - security update

Published: 9/6/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-6822

Description

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

Affected packages (2)

Debian/ffmpegfrom 0, < 7:2.7.2-1
Debian/libavfrom 0, < 6:11.12-1~deb8u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-6822