CVE-2015-5479 — Libav vulnerability

CWE-1895 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.3%

top 20.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libav Opensuse Leap Ubuntu +1 more

Timeline

PublishedApr 19

Latest updateMay 14

Description

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶Ubuntulibav/libav< 6:9.20-0ubuntu0.14.04.1+esm1

▶NVDlibav/libav11.4

▶NVDopensuse/leap42.1

▶NVDubuntu/ubuntu12.04

▶debiandebian/ffmpeg

🔴Vulnerability Details

GHSA

GHSA-73wj-87qj-vf4x: The ff_h263_decode_mba function in libavcodec/ituh263dec↗2022-05-14

▶

OSV

CVE-2015-5479: The ff_h263_decode_mba function in libavcodec/ituh263dec↗2015-10-09

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2016-04-04

▶

Debian

CVE-2015-5479: ffmpeg - The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 ...↗2015

▶