Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-6823
HistorySep 06, 2015 - 12:00 a.m.

CVE-2015-6823

2015-09-0600:00:00
ubuntu.com
ubuntu.com
16

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.1%

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2
does not initialize certain context data, which allows remote attackers to
cause a denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec (ALAC)
data.

Notes

Author Note
mdeslaur libav in precise doesn’t look vulnerable
ebarretto as of 2018-09-27, no equivalent fix in libav

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.1%