PT-2015-6214 · FFmpeg+1 · Ffmpeg+1
Published
2015-06-13
·
Updated
2024-06-15
·
CVE-2015-3395
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Libav versions prior to 10.7
Libav versions 11.x prior to 11.4
FFmpeg versions prior to 2.0.7
FFmpeg versions 2.2.x prior to 2.2.15
FFmpeg versions 2.4.x prior to 2.4.8
FFmpeg versions 2.5.x prior to 2.5.6
FFmpeg versions 2.6.x prior to 2.6.2
Description
The issue allows remote attackers to have an unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. This occurs in the
msrle decode pal4 function in msrledec.c.Recommendations
For Libav versions prior to 10.7, update to version 10.7 or later.
For Libav versions 11.x prior to 11.4, update to version 11.4 or later.
For FFmpeg versions prior to 2.0.7, update to version 2.0.7 or later.
For FFmpeg versions 2.2.x prior to 2.2.15, update to version 2.2.15 or later.
For FFmpeg versions 2.4.x prior to 2.4.8, update to version 2.4.8 or later.
For FFmpeg versions 2.5.x prior to 2.5.6, update to version 2.5.6 or later.
For FFmpeg versions 2.6.x prior to 2.6.2, update to version 2.6.2 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ffmpeg
Libav