CVE-2015-3395

Libav <10.7, 11.x <11.4 - Remote Code Execution

Title source: manual

Description

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

References (8)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201705-08
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2944-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3288
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-06
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74433
Vendor Advisory x_refsource_confirm
https://www.ffmpeg.org/security.html

Scores

EPSS 0.0105
EPSS Percentile 77.8%

Details

CWE
CWE-119
Status published
Products (38)
canonical/ubuntu_linux 12.04
ffmpeg/ffmpeg 2.0.6
ffmpeg/ffmpeg 2.2.0
ffmpeg/ffmpeg 2.2.1
ffmpeg/ffmpeg 2.2.2
ffmpeg/ffmpeg 2.2.3
ffmpeg/ffmpeg 2.2.4
ffmpeg/ffmpeg 2.2.5
ffmpeg/ffmpeg 2.2.6
ffmpeg/ffmpeg 2.2.7
... and 28 more
Published Jun 16, 2015
Tracked Since Feb 18, 2026