Lucene search

K
nvd[email protected]NVD:CVE-2015-8365
HistoryNov 26, 2015 - 5:59 p.m.

CVE-2015-8365

2015-11-2617:59:03
CWE-119
web.nvd.nist.gov
6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.7%

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

Affected configurations

Nvd
Node
canonicalubuntu_linuxMatch12.04lts
Node
ffmpegffmpegMatch2.6.4
OR
ffmpegffmpegMatch2.7.0
OR
ffmpegffmpegMatch2.7.1
OR
ffmpegffmpegMatch2.7.2
OR
ffmpegffmpegMatch2.8.0
OR
ffmpegffmpegMatch2.8.1
OR
ffmpegffmpegMatch2.8.2

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.7%