Lucene search

K

[email protected]NVD:CVE-2015-3395

HistoryJun 16, 2015 - 4:59 p.m.

CVE-2015-3395

2015-06-1616:59:04

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

Node

ffmpegffmpegMatch2.0.6

OR

ffmpegffmpegMatch2.2.0

OR

ffmpegffmpegMatch2.2.1

OR

ffmpegffmpegMatch2.2.2

OR

ffmpegffmpegMatch2.2.3

OR

ffmpegffmpegMatch2.2.4

OR

ffmpegffmpegMatch2.2.5

OR

ffmpegffmpegMatch2.2.6

OR

ffmpegffmpegMatch2.2.7

OR

ffmpegffmpegMatch2.2.8

OR

ffmpegffmpegMatch2.2.9

OR

ffmpegffmpegMatch2.2.10

OR

ffmpegffmpegMatch2.2.11

OR

ffmpegffmpegMatch2.2.12

OR

ffmpegffmpegMatch2.2.13

OR

ffmpegffmpegMatch2.2.14

OR

ffmpegffmpegMatch2.4.0

OR

ffmpegffmpegMatch2.4.1

OR

ffmpegffmpegMatch2.4.2

OR

ffmpegffmpegMatch2.4.3

OR

ffmpegffmpegMatch2.4.4

OR

ffmpegffmpegMatch2.4.5

OR

ffmpegffmpegMatch2.4.6

OR

ffmpegffmpegMatch2.4.7

OR

ffmpegffmpegMatch2.5.0

OR

ffmpegffmpegMatch2.5.1

OR

ffmpegffmpegMatch2.5.2

OR

ffmpegffmpegMatch2.5.3

OR

ffmpegffmpegMatch2.5.4

OR

ffmpegffmpegMatch2.5.5

OR

ffmpegffmpegMatch2.6.0

OR

ffmpegffmpegMatch2.6.1

Node

libavlibavRange≤10.6

OR

libavlibavMatch11.0

OR

libavlibavMatch11.1

OR

libavlibavMatch11.2

OR

libavlibavMatch11.3

References

git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553

www.debian.org/security/2015/dsa-3288

www.securityfocus.com/bid/74433

www.ubuntu.com/usn/USN-2944-1

git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4

security.gentoo.org/glsa/201603-06

security.gentoo.org/glsa/201705-08

www.ffmpeg.org/security.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

Related for NVD:CVE-2015-3395

ubuntucve1 debiancve1 veracode1 cvelist1 prion1 nessus5 freebsd1 cve1 debian1 openvas5 securityvulns2 osv1 gentoo2 mageia1 ubuntu1