Vulnerability Description
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Ffmpeg | Ffmpeg | 2.0.6 |
| Libav | Libav | <= 10.6 |
Related Weaknesses (CWE)
References
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c
- http://www.debian.org/security/2015/dsa-3288
- http://www.securityfocus.com/bid/74433
- http://www.ubuntu.com/usn/USN-2944-1
- https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
- https://security.gentoo.org/glsa/201603-06
- https://security.gentoo.org/glsa/201705-08
- https://www.ffmpeg.org/security.htmlVendor Advisory
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c
- http://www.debian.org/security/2015/dsa-3288
- http://www.securityfocus.com/bid/74433
- http://www.ubuntu.com/usn/USN-2944-1
- https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
- https://security.gentoo.org/glsa/201603-06
- https://security.gentoo.org/glsa/201705-08
FAQ
What is CVE-2015-3395?
CVE-2015-3395 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allo...
How severe is CVE-2015-3395?
CVE-2015-3395 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3395?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Ffmpeg Ffmpeg, Libav Libav.