CVE-2015-3395

EPSS 1.0%

libav - security update

發布日:2015/6/16修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-3395

描述

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

受影響套件(2)

Debian/ffmpegfrom 0, < 7:2.6.2-1
Debian/libavfrom 0, < 6:11.4-1~deb8u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3395