CVE-2015-3395
Published: 16 June 2015
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
From the Ubuntu security team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
artful |
Released
(47.0.2526.73-0ubuntu1.1218)
|
bionic |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
cosmic |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
disco |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
precise |
Does not exist
(precise was ignored)
|
|
trusty |
Does not exist
(trusty was released [47.0.2526.73-0ubuntu0.14.04.1.1106])
|
|
upstream |
Released
|
|
utopic |
Ignored
(reached end-of-life)
|
|
vivid |
Released
(47.0.2526.73-0ubuntu0.15.04.1.1190)
|
|
wily |
Released
(47.0.2526.73-0ubuntu0.15.10.1.1215)
|
|
xenial |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
yakkety |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
zesty |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
ffmpeg Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7:2.8.3-1)
|
bionic |
Not vulnerable
(7:2.8.3-1)
|
|
cosmic |
Not vulnerable
(7:2.8.3-1)
|
|
disco |
Not vulnerable
(7:2.8.3-1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.5.6,2.6.2)
|
|
utopic |
Does not exist
|
|
vivid |
Released
(7:2.5.6-0ubuntu0.15.04.1)
|
|
wily |
Not vulnerable
(7:2.7.3-0ubuntu0.15.10.1)
|
|
xenial |
Not vulnerable
(7:2.8.3-1)
|
|
yakkety |
Not vulnerable
(7:2.8.3-1)
|
|
zesty |
Not vulnerable
(7:2.8.3-1)
|
|
libav Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
(precise was released [4:0.8.17-0ubuntu0.12.04.2])
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(11.4)
|
|
utopic |
Ignored
(reached end-of-life)
|
|
vivid |
Ignored
(reached end-of-life)
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
oxide-qt Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1.17.9-0ubuntu1)
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [1.19.4-0ubuntu0.14.04.1])
|
|
upstream |
Not vulnerable
(1.19.4)
|
|
utopic |
Ignored
(reached end-of-life)
|
|
vivid |
Ignored
(reached end-of-life)
|
|
wily |
Ignored
(reached end-of-life)
|
|
xenial |
Not vulnerable
(1.19.4-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(1.19.4-0ubuntu0.16.10.1)
|
|
zesty |
Not vulnerable
(1.17.9-0ubuntu1)
|