PT-2015-6214 · FFmpeg+1 · Ffmpeg+1
Publicado
2015-06-13
·
Atualizado
2024-06-15
·
CVE-2015-3395
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Libav versions prior to 10.7
Libav versions 11.x prior to 11.4
FFmpeg versions prior to 2.0.7
FFmpeg versions 2.2.x prior to 2.2.15
FFmpeg versions 2.4.x prior to 2.4.8
FFmpeg versions 2.5.x prior to 2.5.6
FFmpeg versions 2.6.x prior to 2.6.2
Description
The issue allows remote attackers to have an unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. This occurs in the
msrle decode pal4 function in msrledec.c.Recommendations
For Libav versions prior to 10.7, update to version 10.7 or later.
For Libav versions 11.x prior to 11.4, update to version 11.4 or later.
For FFmpeg versions prior to 2.0.7, update to version 2.0.7 or later.
For FFmpeg versions 2.2.x prior to 2.2.15, update to version 2.2.15 or later.
For FFmpeg versions 2.4.x prior to 2.4.8, update to version 2.4.8 or later.
For FFmpeg versions 2.5.x prior to 2.5.6, update to version 2.5.6 or later.
For FFmpeg versions 2.6.x prior to 2.6.2, update to version 2.6.2 or later.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ffmpeg
Libav