What is the severity of CVE-2015-3395?

The severity of CVE-2015-3395 is considered to be medium due to potential impacts from crafted images leading to unspecified effects.

How do I fix CVE-2015-3395?

To fix CVE-2015-3395, update to the latest version of FFmpeg or Libav that has patched this vulnerability.

Which versions are affected by CVE-2015-3395?

CVE-2015-3395 affects Libav versions prior to 10.7, FFmpeg versions before 2.0.7, and various versions from 2.2.x to 2.6.x.

What type of attack does CVE-2015-3395 enable?

CVE-2015-3395 allows remote attackers to exploit vulnerabilities by supplying specially crafted images.

Is there a public exploit available for CVE-2015-3395?

As of now, there is no known public exploit specifically targeting CVE-2015-3395.

Vulnerability/
CVE-2015-3395

medium

6.8

CWE

119

16/6/2015

6/8/2024

CVE-2015-3395: Buffer Overflow

First published: Tue Jun 16 2015(Updated: )

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ubuntu	=12.04
FFmpeg	=2.0.6
FFmpeg	=2.2.0
FFmpeg	=2.2.1
FFmpeg	=2.2.2
FFmpeg	=2.2.3
FFmpeg	=2.2.4
FFmpeg	=2.2.5
FFmpeg	=2.2.6
FFmpeg	=2.2.7
FFmpeg	=2.2.8
FFmpeg	=2.2.9
FFmpeg	=2.2.10
FFmpeg	=2.2.11
FFmpeg	=2.2.12
FFmpeg	=2.2.13
FFmpeg	=2.2.14
FFmpeg	=2.4.0
FFmpeg	=2.4.1
FFmpeg	=2.4.2
FFmpeg	=2.4.3
FFmpeg	=2.4.4
FFmpeg	=2.4.5
FFmpeg	=2.4.6
FFmpeg	=2.4.7
FFmpeg	=2.5.0
FFmpeg	=2.5.1
FFmpeg	=2.5.2
FFmpeg	=2.5.3
FFmpeg	=2.5.4
FFmpeg	=2.5.5
FFmpeg	=2.6.0
FFmpeg	=2.6.1
Libav	<=10.6
Libav	=11.0
Libav	=11.1
Libav	=11.2
Libav	=11.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3395?
The severity of CVE-2015-3395 is considered to be medium due to potential impacts from crafted images leading to unspecified effects.
How do I fix CVE-2015-3395?
To fix CVE-2015-3395, update to the latest version of FFmpeg or Libav that has patched this vulnerability.
Which versions are affected by CVE-2015-3395?
CVE-2015-3395 affects Libav versions prior to 10.7, FFmpeg versions before 2.0.7, and various versions from 2.2.x to 2.6.x.
What type of attack does CVE-2015-3395 enable?
CVE-2015-3395 allows remote attackers to exploit vulnerabilities by supplying specially crafted images.
Is there a public exploit available for CVE-2015-3395?
As of now, there is no known public exploit specifically targeting CVE-2015-3395.

agent/type
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/canonical
canonical/ubuntu
version/ubuntu/12.04
vendor/ffmpeg
canonical/ffmpeg
version/ffmpeg/2.0.6
version/ffmpeg/2.2.0
version/ffmpeg/2.2.1
version/ffmpeg/2.2.2
version/ffmpeg/2.2.3
version/ffmpeg/2.2.4
version/ffmpeg/2.2.5
version/ffmpeg/2.2.6
version/ffmpeg/2.2.7
version/ffmpeg/2.2.8
version/ffmpeg/2.2.9
version/ffmpeg/2.2.10
version/ffmpeg/2.2.11
version/ffmpeg/2.2.12
version/ffmpeg/2.2.13
version/ffmpeg/2.2.14
version/ffmpeg/2.4.0
version/ffmpeg/2.4.1
version/ffmpeg/2.4.2
version/ffmpeg/2.4.3
version/ffmpeg/2.4.4
version/ffmpeg/2.4.5
version/ffmpeg/2.4.6
version/ffmpeg/2.4.7
version/ffmpeg/2.5.0
version/ffmpeg/2.5.1
version/ffmpeg/2.5.2
version/ffmpeg/2.5.3
version/ffmpeg/2.5.4
version/ffmpeg/2.5.5
version/ffmpeg/2.6.0
version/ffmpeg/2.6.1
vendor/libav
canonical/libav
version/libav/10.6
version/libav/11.0
version/libav/11.1
version/libav/11.2
version/libav/11.3