FreeBSD : ffmpeg -- out-of-bounds array access (80c66af0-d1c5-449e-bd31-63b12525ff88)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

NVD reports :

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and
11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x
before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote
attackers to have unspecified impact via a crafted image, related to a
pixel pointer, which triggers an out-of-bounds array access.

See also :

http://www.nessus.org/u?05de5eb4
http://www.nessus.org/u?1eb8341d
https://ffmpeg.org/security.html
http://www.nessus.org/u?d326e854
http://www.nessus.org/u?8b0bf667

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85729 ()

Bugtraq ID:

CVE ID: CVE-2015-3395

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now