Lucene search

[email protected]CVE-2015-6824

HistorySep 06, 2015 - 2:59 a.m.

CVE-2015-6824

2015-09-0602:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-6824

sws_init_context

libswscale

ffmpeg

denial of service

segmentation violation

video data

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle2.7.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	2.7.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04

References

ffmpeg.org/security.html

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111

www.securitytracker.com/id/1033483

www.ubuntu.com/usn/USN-2944-1

lists.debian.org/debian-lts-announce/2018/12/msg00010.html

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2015-6824

prion1 debiancve1 veracode1 ubuntucve1 cvelist1 osv1 nessus3 debian2 freebsd1 openvas4 ubuntu1 mageia1