CVE-2015-3395
Published: 16 June 2015
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
From the Ubuntu Security Team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | artful | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | bionic | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | cosmic | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | disco | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | precise | Does not exist (precise was ignored) |
chromium-browser | trusty | Does not exist (trusty was released [47.0.2526.73-0ubuntu0.14.04.1.1106]) |
chromium-browser | upstream | Released |
chromium-browser | utopic | Ignored (reached end-of-life) |
chromium-browser | vivid | Released (47.0.2526.73-0ubuntu0.15.04.1.1190) |
chromium-browser | wily | Released (47.0.2526.73-0ubuntu0.15.10.1.1215) |
chromium-browser | xenial | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | yakkety | Released (47.0.2526.73-0ubuntu1.1218) |
chromium-browser | zesty | Released (47.0.2526.73-0ubuntu1.1218) |
ffmpeg | artful | Not vulnerable (7:2.8.3-1) |
ffmpeg | bionic | Not vulnerable (7:2.8.3-1) |
ffmpeg | cosmic | Not vulnerable (7:2.8.3-1) |
ffmpeg | disco | Not vulnerable (7:2.8.3-1) |
ffmpeg | precise | Does not exist |
ffmpeg | trusty | Does not exist |
ffmpeg | upstream | Released (2.5.6,2.6.2) |
ffmpeg | utopic | Does not exist |
ffmpeg | vivid | Released (7:2.5.6-0ubuntu0.15.04.1) |
ffmpeg | wily | Not vulnerable (7:2.7.3-0ubuntu0.15.10.1) |
ffmpeg | xenial | Not vulnerable (7:2.8.3-1) |
ffmpeg | yakkety | Not vulnerable (7:2.8.3-1) |
ffmpeg | zesty | Not vulnerable (7:2.8.3-1) |
ffmpeg | Patches | upstream: https://github.com/FFmpeg/FFmpeg/commit/dfce316c12d867400fb132ff5094163e3d2634a3; upstream: https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553 |
libav | artful | Does not exist |
libav | bionic | Does not exist |
libav | cosmic | Does not exist |
libav | disco | Does not exist |
libav | precise | Does not exist (precise was released [4:0.8.17-0ubuntu0.12.04.2]) |
libav | trusty | Released (6:9.20-0ubuntu0.14.04.1+esm1) |
libav | upstream | Released (11.4) |
libav | utopic | Ignored (reached end-of-life) |
libav | vivid | Ignored (reached end-of-life) |
libav | wily | Does not exist |
libav | xenial | Does not exist |
libav | yakkety | Does not exist |
libav | zesty | Does not exist |
libav | Patches | upstream: https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948 |
oxide-qt | artful | Not vulnerable (1.17.9-0ubuntu1) |
oxide-qt | bionic | Does not exist |
oxide-qt | cosmic | Does not exist |
oxide-qt | disco | Does not exist |
oxide-qt | precise | Does not exist |
oxide-qt | trusty | Does not exist (trusty was not-affected [1.19.4-0ubuntu0.14.04.1]) |
oxide-qt | upstream | Not vulnerable (1.19.4) |
oxide-qt | utopic | Ignored (reached end-of-life) |
oxide-qt | vivid | Ignored (reached end-of-life) |
oxide-qt | wily | Ignored (reached end-of-life) |
oxide-qt | xenial | Not vulnerable (1.19.4-0ubuntu0.16.04.1) |
oxide-qt | yakkety | Not vulnerable (1.19.4-0ubuntu0.16.10.1) |
oxide-qt | zesty | Not vulnerable (1.17.9-0ubuntu1) |