Search for vulnerabilities
Vulnerability details: VCID-3cep-4f8x-aaam
Vulnerability ID VCID-3cep-4f8x-aaam
Aliases CVE-2015-6820
Summary The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Low http://ffmpeg.org/security.html
epss 0.00538 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00538 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00762 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00887 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.00887 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
epss 0.01016 https://api.first.org/data/v1/epss?cve=CVE-2015-6820
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-6820
Reference id Reference type URL
http://ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=79a98294da6cd85f8c86b34764c5e0c43b09eea3
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
https://api.first.org/data/v1/epss?cve=CVE-2015-6820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6820
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
http://www.securitytracker.com/id/1033483
http://www.ubuntu.com/usn/USN-2944-1
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
CVE-2015-6820 https://nvd.nist.gov/vuln/detail/CVE-2015-6820
USN-2944-1 https://usn.ubuntu.com/2944-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6820
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.77691
EPSS Score 0.00538
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.