Unrated severityNVD Advisory· Published Nov 26, 2015· Updated Jun 17, 2026

CVE-2015-8363

Description

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpeg8 versions
cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*
- (no CPE)range: <2.6.5, >=2.7.0 <2.7.3, >=2.8.0 <=2.8.2
osv-coords
pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed
Range: < 4.4-5.2

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

CVE-2015-8363

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions