FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- out-of-bounds array access

Affected packages
11.0 <= libav < 11.4
libav < 10.7
gstreamer1-libav < 1.5.1
handbrake < 1.2.0
2.2.0,1 <= ffmpeg < 2.2.15,1
ffmpeg < 2.0.7,1
ffmpeg26 < 2.6.2
ffmpeg25 < 2.5.6
ffmpeg24 < 2.4.8
0 <= ffmpeg23
0 <= ffmpeg1
avidemux < 2.6.11
avidemux26 < 2.6.11
kodi < 15.1
mencoder < 1.1.r20150403
mplayer < 1.1.r20150403
mythtv <= 0.27.5,1
mythtv-frontend <= 0.27.5,1

Details

VuXML ID 80c66af0-d1c5-449e-bd31-63b12525ff88
Discovery 2015-04-12
Entry 2015-09-01
Modified 2018-03-25

NVD reports:

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

References

CVE Name CVE-2015-3395
URL https://ffmpeg.org/security.html
URL https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
URL https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
URL https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553