CVE-2015-3417 — Ffmpeg vulnerability

4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 22.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Debian Linux

Timeline

PublishedApr 24

Latest updateMay 17

Description

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.6.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.6.1-1+3

▶NVDffmpeg/ffmpeg2.3.5

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9323-4x78-29mv: Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264↗2022-05-17

▶

OSV

CVE-2015-3417: Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264↗2015-04-24

▶

📋Vendor Advisories

Debian

CVE-2015-3417: ffmpeg - Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h...↗2015

▶