6.8

CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version <= 2.3.5
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.57% 0.831
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2015/Apr/31
Third Party Advisory
VDB Entry
http://www.debian.org/security/2015/dsa-3288
Third Party Advisory
http://www.securityfocus.com/bid/74385
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032198
Third Party Advisory
VDB Entry
https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201705-08