Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3395

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

Published

2015-06-16T16:59:04.237

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System canonical ubuntu_linux 12.04 Yes
Application ffmpeg ffmpeg 2.0.6 Yes
Application ffmpeg ffmpeg 2.2.0 Yes
Application ffmpeg ffmpeg 2.2.1 Yes
Application ffmpeg ffmpeg 2.2.2 Yes
Application ffmpeg ffmpeg 2.2.3 Yes
Application ffmpeg ffmpeg 2.2.4 Yes
Application ffmpeg ffmpeg 2.2.5 Yes
Application ffmpeg ffmpeg 2.2.6 Yes
Application ffmpeg ffmpeg 2.2.7 Yes
Application ffmpeg ffmpeg 2.2.8 Yes
Application ffmpeg ffmpeg 2.2.9 Yes
Application ffmpeg ffmpeg 2.2.10 Yes
Application ffmpeg ffmpeg 2.2.11 Yes
Application ffmpeg ffmpeg 2.2.12 Yes
Application ffmpeg ffmpeg 2.2.13 Yes
Application ffmpeg ffmpeg 2.2.14 Yes
Application ffmpeg ffmpeg 2.4.0 Yes
Application ffmpeg ffmpeg 2.4.1 Yes
Application ffmpeg ffmpeg 2.4.2 Yes
Application ffmpeg ffmpeg 2.4.3 Yes
Application ffmpeg ffmpeg 2.4.4 Yes
Application ffmpeg ffmpeg 2.4.5 Yes
Application ffmpeg ffmpeg 2.4.6 Yes
Application ffmpeg ffmpeg 2.4.7 Yes
Application ffmpeg ffmpeg 2.5.0 Yes
Application ffmpeg ffmpeg 2.5.1 Yes
Application ffmpeg ffmpeg 2.5.2 Yes
Application ffmpeg ffmpeg 2.5.3 Yes
Application ffmpeg ffmpeg 2.5.4 Yes
Application ffmpeg ffmpeg 2.5.5 Yes
Application ffmpeg ffmpeg 2.6.0 Yes
Application ffmpeg ffmpeg 2.6.1 Yes
Application libav libav ≤ 10.6 Yes
Application libav libav 11.0 Yes
Application libav libav 11.1 Yes
Application libav libav 11.2 Yes
Application libav libav 11.3 Yes
References