Lucene search

[email protected]CVE-2015-6823

HistorySep 06, 2015 - 2:59 a.m.

CVE-2015-6823

2015-09-0602:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2015-6823

libavcodec

alac.c

ffmpeg

denial of service

segmentation violation

apple lossless audio codec

vulnerability

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle2.7.1

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	2.7.1

References

ffmpeg.org/security.html

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f7068bf277a37479aecde2832208d820682b35e6

www.securitytracker.com/id/1033483

lists.debian.org/debian-lts-announce/2018/12/msg00010.html

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2015-6823

cvelist1 prion1 veracode1 debiancve1 ubuntucve1 osv1 nessus2 debian2 freebsd1 mageia1 openvas3