Vulnerability Details : CVE-2015-6826
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-6826
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6826
0.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6826
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-6826
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6826
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
git.videolan.org Git - ffmpeg.git/commit
-
http://www.securitytracker.com/id/1033483
FFmpeg Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker
-
http://ffmpeg.org/security.html
FFmpeg Security
-
http://www.ubuntu.com/usn/USN-2944-1
USN-2944-1: Libav vulnerabilities | Ubuntu security notices
-
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
[SECURITY] [DLA 1611-1] libav security update
Jump to