CVE-2015-3395
Description
An out-of-bounds array access in Libav/FFmpeg's msrledec.c msrle_decode_pal4 function allows remote code execution via crafted image files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds array access in Libav/FFmpeg's msrledec.c msrle_decode_pal4 function allows remote code execution via crafted image files.
Vulnerability
An out-of-bounds array access vulnerability exists in the msrle_decode_pal4 function in msrledec.c of Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2. The bug is triggered by a crafted image that manipulates a pixel pointer, leading to memory corruption [1][2].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious media file (e.g., an image or video that uses the MS RLE codec) and convincing a user to open it with an application linked against an affected version of Libav/FFmpeg. No special network position or authentication is required beyond delivering the file to the victim [2][4].
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running the affected application, cause a denial of service (application crash), or potentially access the content of arbitrary local files [2][4].
Mitigation
Users should upgrade to Libav version 10.7 or 11.4, or FFmpeg version 2.0.7, 2.2.15, 2.4.8, 2.5.6, or 2.6.2, as appropriate. The fix commit is f7e1367f58263593e6cee3c282f7277d7ee9d553 in the FFmpeg repository [3]. Ubuntu USN-2944-1 and Gentoo GLSA 201705-08 provide updated packages [2][4]. No workaround is available [4].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.6.1:*:*:*:*:*:*:*
- (no CPE)range: <2.0.7, 2.2.x <2.2.15, 2.4.x <2.4.8, 2.5.x <2.5.6, 2.6.x <2.6.2
cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*range: <=10.6
- cpe:2.3:a:libav:libav:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:11.3:*:*:*:*:*:*:*
- (no CPE)range: <10.7, 11.x <11.4
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8News mentions
0No linked articles in our index yet.