CVE-2015-3395
libav - security update
EPSS 1.0%
Description
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
How to fix CVE-2015-3395
To remediate CVE-2015-3395, upgrade the affected package to a fixed version below.
- Debian/ffmpeg: upgrade to 7:2.6.2-1 or later
- Debian/libav: upgrade to 6:11.4-1~deb8u1 or later
Is CVE-2015-3395 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/ffmpeg: from 0, < 7:2.6.2-1
- Debian/libav: from 0, < 6:11.4-1~deb8u1