{"id":"CVE-2014-8541","details":"libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.","modified":"2026-01-27T04:13:25.871774Z","published":"2014-11-05T11:55:07Z","withdrawn":"2026-01-27T04:13:25.871774Z","related":["MGASA-2014-0464","MGASA-2014-0491"],"references":[{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2944-1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201603-06"},{"type":"WEB","url":"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=5c378d6a6df8243f06c87962b873bd563e58cd39"},{"type":"WEB","url":"http://www.ffmpeg.org/security.html"}],"schema_version":"1.7.3"}