VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 26, 2015· Updated Jun 17, 2026

CVE-2015-8365

CVE-2015-8365

Description

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • FFmpeg/Ffmpeg8 versions
    cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*
    • (no CPE)range: <2.6.5, >=2.7.0 <2.7.3, >=2.8.0 <=2.8.2
  • Canonical/Ubuntu Linux
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • osv-coords
    pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed
    Range: < 4.4-5.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.