CVE-2015-3395: Buffer Overflow
First published: Tue Jun 16 2015(Updated: )
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical Ubuntu Linux | =12.04 | |
| FFmpeg FFmpeg | =2.0.6 | |
| FFmpeg FFmpeg | =2.2.0 | |
| FFmpeg FFmpeg | =2.2.1 | |
| FFmpeg FFmpeg | =2.2.2 | |
| FFmpeg FFmpeg | =2.2.3 | |
| FFmpeg FFmpeg | =2.2.4 | |
| FFmpeg FFmpeg | =2.2.5 | |
| FFmpeg FFmpeg | =2.2.6 | |
| FFmpeg FFmpeg | =2.2.7 | |
| FFmpeg FFmpeg | =2.2.8 | |
| FFmpeg FFmpeg | =2.2.9 | |
| FFmpeg FFmpeg | =2.2.10 | |
| FFmpeg FFmpeg | =2.2.11 | |
| FFmpeg FFmpeg | =2.2.12 | |
| FFmpeg FFmpeg | =2.2.13 | |
| FFmpeg FFmpeg | =2.2.14 | |
| FFmpeg FFmpeg | =2.4.0 | |
| FFmpeg FFmpeg | =2.4.1 | |
| FFmpeg FFmpeg | =2.4.2 | |
| FFmpeg FFmpeg | =2.4.3 | |
| FFmpeg FFmpeg | =2.4.4 | |
| FFmpeg FFmpeg | =2.4.5 | |
| FFmpeg FFmpeg | =2.4.6 | |
| FFmpeg FFmpeg | =2.4.7 | |
| FFmpeg FFmpeg | =2.5.0 | |
| FFmpeg FFmpeg | =2.5.1 | |
| FFmpeg FFmpeg | =2.5.2 | |
| FFmpeg FFmpeg | =2.5.3 | |
| FFmpeg FFmpeg | =2.5.4 | |
| FFmpeg FFmpeg | =2.5.5 | |
| FFmpeg FFmpeg | =2.6.0 | |
| FFmpeg FFmpeg | =2.6.1 | |
| Libav Libav | <=10.6 | |
| Libav Libav | =11.0 | |
| Libav Libav | =11.1 | |
| Libav Libav | =11.2 | |
| Libav Libav | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553
- http://www.debian.org/security/2015/dsa-3288
- http://www.securityfocus.com/bid/74433
- http://www.ubuntu.com/usn/USN-2944-1
- https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
- https://security.gentoo.org/glsa/201603-06
- https://security.gentoo.org/glsa/201705-08
- https://www.ffmpeg.org/security.html
- https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- vendor/ffmpeg
- canonical/ffmpeg ffmpeg
- version/ffmpeg ffmpeg/2.0.6
- version/ffmpeg ffmpeg/2.2.0
- version/ffmpeg ffmpeg/2.2.1
- version/ffmpeg ffmpeg/2.2.2
- version/ffmpeg ffmpeg/2.2.3
- version/ffmpeg ffmpeg/2.2.4
- version/ffmpeg ffmpeg/2.2.5
- version/ffmpeg ffmpeg/2.2.6
- version/ffmpeg ffmpeg/2.2.7
- version/ffmpeg ffmpeg/2.2.8
- version/ffmpeg ffmpeg/2.2.9
- version/ffmpeg ffmpeg/2.2.10
- version/ffmpeg ffmpeg/2.2.11
- version/ffmpeg ffmpeg/2.2.12
- version/ffmpeg ffmpeg/2.2.13
- version/ffmpeg ffmpeg/2.2.14
- version/ffmpeg ffmpeg/2.4.0
- version/ffmpeg ffmpeg/2.4.1
- version/ffmpeg ffmpeg/2.4.2
- version/ffmpeg ffmpeg/2.4.3
- version/ffmpeg ffmpeg/2.4.4
- version/ffmpeg ffmpeg/2.4.5
- version/ffmpeg ffmpeg/2.4.6
- version/ffmpeg ffmpeg/2.4.7
- version/ffmpeg ffmpeg/2.5.0
- version/ffmpeg ffmpeg/2.5.1
- version/ffmpeg ffmpeg/2.5.2
- version/ffmpeg ffmpeg/2.5.3
- version/ffmpeg ffmpeg/2.5.4
- version/ffmpeg ffmpeg/2.5.5
- version/ffmpeg ffmpeg/2.6.0
- version/ffmpeg ffmpeg/2.6.1
- vendor/libav
- canonical/libav libav
- version/libav libav/10.6
- version/libav libav/11.0
- version/libav libav/11.1
- version/libav libav/11.2
- version/libav libav/11.3