CVE-2015-3417

Vulnerability Description

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

CVSS Score

Affected Products

References

• http://seclists.org/fulldisclosure/2015/Apr/31Third Party AdvisoryVDB Entry
• http://www.debian.org/security/2015/dsa-3288Third Party Advisory
• http://www.securityfocus.com/bid/74385Third Party AdvisoryVDB Entry
• http://www.securitytracker.com/id/1032198Third Party AdvisoryVDB Entry
• https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
• https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214PatchVendor Advisory
• https://security.gentoo.org/glsa/201705-08
• http://seclists.org/fulldisclosure/2015/Apr/31Third Party AdvisoryVDB Entry
• http://www.debian.org/security/2015/dsa-3288Third Party Advisory
• http://www.securityfocus.com/bid/74385Third Party AdvisoryVDB Entry
• http://www.securitytracker.com/id/1032198Third Party AdvisoryVDB Entry
• https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
• https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214PatchVendor Advisory
• https://security.gentoo.org/glsa/201705-08