Lucene search

[email protected]CVE-2015-6818

HistorySep 06, 2015 - 2:59 a.m.

CVE-2015-6818

2015-09-0602:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve

2015

6818

ffmpeg

denial of service

security vulnerability

nvd

array access

out-of-bounds

image header

png

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.8%

JSON

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle2.7.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	2.7.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04

References

ffmpeg.org/security.html

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=47f4e2d8960ca756ca153ab8e3e93d80449b8c91

www.securitytracker.com/id/1033483

www.ubuntu.com/usn/USN-2944-1

lists.debian.org/debian-lts-announce/2018/12/msg00009.html

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2015-6818

prion1 debiancve1 veracode1 ubuntucve1 nessus2 freebsd1 openvas4 ubuntu1 osv1 mageia1 debian1