CVE-2015-3395
Published: 16 June 2015
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
From the Ubuntu Security Team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
artful |
Released
(47.0.2526.73-0ubuntu1.1218)
|
| bionic |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
| cosmic |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
| disco |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
| precise |
Ignored
|
|
| trusty |
Released
(47.0.2526.73-0ubuntu0.14.04.1.1106)
|
|
| upstream |
Released
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Released
(47.0.2526.73-0ubuntu0.15.04.1.1190)
|
|
| wily |
Released
(47.0.2526.73-0ubuntu0.15.10.1.1215)
|
|
| xenial |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
| yakkety |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
| zesty |
Released
(47.0.2526.73-0ubuntu1.1218)
|
|
|
ffmpeg Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7:2.8.3-1)
|
| bionic |
Not vulnerable
(7:2.8.3-1)
|
|
| cosmic |
Not vulnerable
(7:2.8.3-1)
|
|
| disco |
Not vulnerable
(7:2.8.3-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.5.6,2.6.2)
|
|
| utopic |
Does not exist
|
|
| vivid |
Released
(7:2.5.6-0ubuntu0.15.04.1)
|
|
| wily |
Not vulnerable
(7:2.7.3-0ubuntu0.15.10.1)
|
|
| xenial |
Not vulnerable
(7:2.8.3-1)
|
|
| yakkety |
Not vulnerable
(7:2.8.3-1)
|
|
| zesty |
Not vulnerable
(7:2.8.3-1)
|
|
|
Patches: upstream: https://github.com/FFmpeg/FFmpeg/commit/dfce316c12d867400fb132ff5094163e3d2634a3 upstream: https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553 |
||
|
libav Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Released
(4:0.8.17-0ubuntu0.12.04.2)
|
|
| trusty |
Released
(6:9.20-0ubuntu0.14.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(11.4)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948 |
||
|
oxide-qt Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1.17.9-0ubuntu1)
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [1.19.4-0ubuntu0.14.04.1])
|
|
| upstream |
Not vulnerable
(1.19.4)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(1.19.4-0ubuntu0.16.04.1)
|
|
| yakkety |
Not vulnerable
(1.19.4-0ubuntu0.16.10.1)
|
|
| zesty |
Not vulnerable
(1.17.9-0ubuntu1)
|
|