CVE-2015-3395
Description
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.791
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multimedia player, server, encoder and transcoder (USN-2103-1) libavcodec53_0.8.17-0ubuntu0.12.04.2_i386.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2103-1) libavcodec53_0.8.17-0ubuntu0.12.04.2_amd64.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2103-1) libavformat53_0.8.17-0ubuntu0.12.04.2_i386.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2103-1) libavformat53_0.8.17-0ubuntu0.12.04.2_amd64.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2944-1) libavcodec53_0.8.17-0ubuntu0.12.04.2_i386.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2944-1) libavcodec53_0.8.17-0ubuntu0.12.04.2_amd64.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2944-1) libavformat53_0.8.17-0ubuntu0.12.04.2_i386.deb | Linux |
| Multimedia player, server, encoder and transcoder (USN-2944-1) libavformat53_0.8.17-0ubuntu0.12.04.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234