ID CVE-2015-3417
Summary Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
References
Vulnerable Configurations
  • FFmpeg 2.3.5
    cpe:2.3:a:ffmpeg:ffmpeg:2.3.5
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 6.8 (as of 03-01-2017 - 13:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3288.NASL
    description Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11 .4
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84171
    published 2015-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84171
    title Debian DSA-3288-1 : libav - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201705-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201705-08 (libav: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libav. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file in an application linked against libav, possibly resulting in execution of arbitrary code with the privileges of the application, a Denial of Service condition or access the content of arbitrary local files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-05-10
    plugin id 100085
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100085
    title GLSA-201705-08 : libav: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_022255BE089511E5A2425404A68AD561.NASL
    description The Mageia project reports : Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83939
    published 2015-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83939
    title FreeBSD : avidemux26 -- multiple vulnerabilities in bundled FFmpeg (022255be-0895-11e5-a242-5404a68ad561)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DA434A78E3424D9A87E27497E5F117BA.NASL
    description NVD reports : Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 85730
    published 2015-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85730
    title FreeBSD : ffmpeg -- use-after-free (da434a78-e342-4d9a-87e2-7497e5f117ba)
refmap via4
bid 74385
confirm
debian DSA-3288
fulldisc 20150414 several issues in SQLite (+ catching up on several other bugs)
gentoo GLSA-201705-08
sectrack 1032198
Last major update 03-01-2017 - 14:00
Published 24-04-2015 - 13:59
Last modified 30-06-2017 - 21:29
Back to Top