<p>Upgrade <code>FFmpeg</code> to version 2.8.3 or higher.</p>

Buffer Overflow Affecting ffmpeg package, versions >=2.2, <2.8.3

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.65% (80^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-COCOAPODS-FFMPEG-470700
published 2 Oct 2019
disclosed 4 Oct 2014
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 4 Oct 2014

CVE-2014-8547 Open this link in a new tab CWE-119 Open this link in a new tab

How to fix?

Upgrade FFmpeg to version 2.8.3 or higher.

Overview

FFmpeg is a FFmpeg static library ruby binding that is compiled for iOS and CocoaPods.

Affected versions of this package are vulnerable to Buffer Overflow. This is because gifdec.c doesn't correctly compute image heights allowing attackers to cause out-of-bounds access errors though GIF data.

References

Gentoo Security Advisory
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
http://www.ffmpeg.org/security.html
Ubuntu Security Advisory