CVE-2015-3395 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3395 Interim 1 3 2021-12-09T01:09:51Z current 2021-08-02T23:58:49Z 2021-12-09T01:09:51Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3395 The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libav-tools-12.3-1.17 libav-tools-12.3-1.17 as a component of openSUSE Tumbleweed The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. CVE-2015-3395 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P