CVE-2015-3395

NameCVE-2015-3395
DescriptionThe msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3288-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ffmpeg (PTS)buster7:4.1.9-0+deb10u1fixed
buster (security)7:4.1.10-0+deb10u1fixed
bullseye7:4.3.4-0+deb11u1fixed
bullseye (security)7:4.3.5-0+deb11u1fixed
bookworm, sid7:5.1.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(not affected)
ffmpegsourcesqueeze(unfixed)end-of-life
ffmpegsource(unstable)7:2.6.2-1
libavsourcewheezy(not affected)
libavsourcejessie6:11.4-1~deb8u1DSA-3288-1
libavsource(unstable)6:11.4-1

Notes

[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
Patch in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553
Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948

Search for package or bug name: Reporting problems