Search for vulnerabilities
Vulnerability details: VCID-h238-yys4-aaak
Vulnerability ID VCID-h238-yys4-aaak
Aliases CVE-2015-6818
Summary The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-17 DEPRECATED: Code
System Score Found at
generic_textual Low http://ffmpeg.org/security.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6818.html
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00887 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
epss 0.00887 https://api.first.org/data/v1/epss?cve=CVE-2015-6818
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6818
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-6818
generic_textual Medium https://ubuntu.com/security/notices/USN-2944-1
Reference id Reference type URL
http://ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6818.html
https://api.first.org/data/v1/epss?cve=CVE-2015-6818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6818
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
https://ubuntu.com/security/notices/USN-2944-1
http://www.securitytracker.com/id/1033483
http://www.ubuntu.com/usn/USN-2944-1
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
CVE-2015-6818 https://nvd.nist.gov/vuln/detail/CVE-2015-6818
USN-2944-1 https://usn.ubuntu.com/2944-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6818
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.73612
EPSS Score 0.00384
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.