Lucene search

[email protected]CVE-2015-6826

HistorySep 06, 2015 - 2:59 a.m.

CVE-2015-6826

2015-09-0602:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-6826

ffmpeg

denial of service

invalid pointer access

rv30

rv40

realvideo

nvd

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
ffmpeg:ffmpegffmpegle2.7.1

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
ffmpeg:ffmpeg	ffmpeg	le	2.7.1

References

ffmpeg.org/security.html

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a

www.securitytracker.com/id/1033483

www.ubuntu.com/usn/USN-2944-1

lists.debian.org/debian-lts-announce/2018/12/msg00009.html

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2015-6826

veracode1 prion1 cvelist1 debiancve1 ubuntucve1 nessus2 freebsd1 openvas4 ubuntu1 osv1 mageia1 debian1