cve-2015-3395
Vulnerability from cvelistv5
Published
2015-06-16 16:00
Modified
2024-08-06 05:47
Severity ?
Summary
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
References
cve@mitre.orghttp://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3288
cve@mitre.orghttp://www.securityfocus.com/bid/74433
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2944-1
cve@mitre.orghttps://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
cve@mitre.orghttps://security.gentoo.org/glsa/201603-06
cve@mitre.orghttps://security.gentoo.org/glsa/201705-08
cve@mitre.orghttps://www.ffmpeg.org/security.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3288
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74433
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2944-1
af854a3a-2127-422b-91ae-364da2661108https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201603-06
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201705-08
af854a3a-2127-422b-91ae-364da2661108https://www.ffmpeg.org/security.htmlVendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
          },
          {
            "name": "GLSA-201705-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201705-08"
          },
          {
            "name": "USN-2944-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2944-1"
          },
          {
            "name": "DSA-3288",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553"
          },
          {
            "name": "GLSA-201603-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-06"
          },
          {
            "name": "74433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ffmpeg.org/security.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
        },
        {
          "name": "GLSA-201705-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201705-08"
        },
        {
          "name": "USN-2944-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2944-1"
        },
        {
          "name": "DSA-3288",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553"
        },
        {
          "name": "GLSA-201603-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201603-06"
        },
        {
          "name": "74433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ffmpeg.org/security.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4",
              "refsource": "CONFIRM",
              "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4"
            },
            {
              "name": "GLSA-201705-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201705-08"
            },
            {
              "name": "USN-2944-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2944-1"
            },
            {
              "name": "DSA-3288",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3288"
            },
            {
              "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553"
            },
            {
              "name": "GLSA-201603-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201603-06"
            },
            {
              "name": "74433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74433"
            },
            {
              "name": "https://www.ffmpeg.org/security.html",
              "refsource": "CONFIRM",
              "url": "https://www.ffmpeg.org/security.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3395",
    "datePublished": "2015-06-16T16:00:00",
    "dateReserved": "2015-04-21T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B07481C8-7CEB-4B81-B8E0-FF45DAA28870\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"593F9555-034A-41B6-A96E-5A4A03E8680E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BF38DD1-2604-41AD-975A-56CC24767799\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C76392F6-6992-4B67-97BA-607A091DDA6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB396E84-FE69-4E19-9937-B82A63D347AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE9CF7C7-3730-43EC-B63E-B004D979E57A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"889B2130-CB88-487B-92FB-959DB44B8E34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9BE4879-972C-45EA-8253-46E5BE98FFA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"653411BA-9F0B-4BFC-8A42-6576E956F96D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"268DAF2F-4484-4212-AEB0-F9A10596F874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD7A424-DA4D-4508-B4EB-14A1BA65E596\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C190A7C8-2DAE-4F72-A620-9D184CBF10B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E8764DC-1C01-4C3E-A7AC-C8AF69F944E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7A45FBF-A89E-4F1C-B397-AB2A53DB805C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78B3B781-7DEC-475C-A429-11D1B2F69CD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FDCCDDC-6CDA-4D3B-BB4C-C370C69EB1C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48899BDA-F7FD-494A-A141-10FBD4DE67BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14D1738D-D85A-4650-9DAB-C626E7F52812\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A91B8DD5-FB80-47E7-8AF3-57D72CD4D034\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1ADB969-FA62-4238-83DF-D5703603A9FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D51D915-0FAF-449F-825B-1F2B1F9BAF00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19772D67-FAE5-4178-815D-4F511AE0411E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A6097F4-A8D1-4070-A4B2-8479421C15DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBBBB2E-F454-44F7-8131-BFF852BC6DE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BF0FC9B-806E-4EC2-A644-B1C2CC26E6AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF38E5B7-AB89-418E-B507-3D660FE753C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5249D4A-D8D9-4B89-96B6-E957A2210750\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29619AAD-6792-4B38-8DFB-706BEACA46F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88FEC8E4-6B53-459E-B257-BEE424463592\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A0A20D5-EAFD-4B79-818A-B834E9A11C2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"826DD95D-ADE5-443A-9057-D25CC6FD5801\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBE52F27-7AEC-40AB-9349-4C3E0E4743BF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.6\", \"matchCriteriaId\": \"8452D8CC-D6D9-4864-AE9D-40CA53BB654B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60D00501-1CED-4AC5-98C5-4F9DA10D09FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92FC79B9-3D67-4CD0-B68C-3671107DBE79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5376C461-23BE-4717-AED3-B675110B6759\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02FA20D7-04C4-4E3C-9A4E-4DE52593F2C9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n msrle_decode_pal4 en msrledec.c en Libav anterior a 10.7 y 11.x anterior a 11.4 y FFmpeg anterior a 2.0.7, 2.2.x anterior a 2.2.15, 2.4.x anterior a 2.4.8, 2.5.x anterior a 2.5.6, y 2.6.x anterior a 2.6.2 permite a atacantes remotos tener un impacto no especificado a trav\\u00e9s de una imagen manipulada, relacionado con un puntero de pixels, lo que provoca un acceso a array fuera de rango.\"}]",
      "id": "CVE-2015-3395",
      "lastModified": "2024-11-21T02:29:21.030",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-06-16T16:59:04.237",
      "references": "[{\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3288\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/74433\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2944-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-06\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201705-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.ffmpeg.org/security.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/74433\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2944-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201705-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ffmpeg.org/security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3395\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-06-16T16:59:04.237\",\"lastModified\":\"2024-11-21T02:29:21.030\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n msrle_decode_pal4 en msrledec.c en Libav anterior a 10.7 y 11.x anterior a 11.4 y FFmpeg anterior a 2.0.7, 2.2.x anterior a 2.2.15, 2.4.x anterior a 2.4.8, 2.5.x anterior a 2.5.6, y 2.6.x anterior a 2.6.2 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen manipulada, relacionado con un puntero de pixels, lo que provoca un acceso a array fuera de rango.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B07481C8-7CEB-4B81-B8E0-FF45DAA28870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"593F9555-034A-41B6-A96E-5A4A03E8680E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF38DD1-2604-41AD-975A-56CC24767799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76392F6-6992-4B67-97BA-607A091DDA6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB396E84-FE69-4E19-9937-B82A63D347AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9CF7C7-3730-43EC-B63E-B004D979E57A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889B2130-CB88-487B-92FB-959DB44B8E34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9BE4879-972C-45EA-8253-46E5BE98FFA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"653411BA-9F0B-4BFC-8A42-6576E956F96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"268DAF2F-4484-4212-AEB0-F9A10596F874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD7A424-DA4D-4508-B4EB-14A1BA65E596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C190A7C8-2DAE-4F72-A620-9D184CBF10B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8764DC-1C01-4C3E-A7AC-C8AF69F944E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7A45FBF-A89E-4F1C-B397-AB2A53DB805C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B3B781-7DEC-475C-A429-11D1B2F69CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FDCCDDC-6CDA-4D3B-BB4C-C370C69EB1C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48899BDA-F7FD-494A-A141-10FBD4DE67BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D1738D-D85A-4650-9DAB-C626E7F52812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A91B8DD5-FB80-47E7-8AF3-57D72CD4D034\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1ADB969-FA62-4238-83DF-D5703603A9FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D51D915-0FAF-449F-825B-1F2B1F9BAF00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19772D67-FAE5-4178-815D-4F511AE0411E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A6097F4-A8D1-4070-A4B2-8479421C15DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBBBB2E-F454-44F7-8131-BFF852BC6DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF0FC9B-806E-4EC2-A644-B1C2CC26E6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF38E5B7-AB89-418E-B507-3D660FE753C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5249D4A-D8D9-4B89-96B6-E957A2210750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29619AAD-6792-4B38-8DFB-706BEACA46F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88FEC8E4-6B53-459E-B257-BEE424463592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0A20D5-EAFD-4B79-818A-B834E9A11C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"826DD95D-ADE5-443A-9057-D25CC6FD5801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE52F27-7AEC-40AB-9349-4C3E0E4743BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6\",\"matchCriteriaId\":\"8452D8CC-D6D9-4864-AE9D-40CA53BB654B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60D00501-1CED-4AC5-98C5-4F9DA10D09FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92FC79B9-3D67-4CD0-B68C-3671107DBE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5376C461-23BE-4717-AED3-B675110B6759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FA20D7-04C4-4E3C-9A4E-4DE52593F2C9\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3288\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/74433\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2944-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201603-06\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201705-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ffmpeg.org/security.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/74433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2944-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201603-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201705-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ffmpeg.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.