6.8

CVE-2015-3417

EPSS 1.02%
Published 24.04.2015 17:59:03
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version <= 2.3.5

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.762

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://seclists.org/fulldisclosure/2015/Apr/31

Third Party Advisory

VDB Entry

http://www.debian.org/security/2015/dsa-3288

Third Party Advisory

http://www.securityfocus.com/bid/74385

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1032198

Third Party Advisory

VDB Entry

https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4

https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

Patch

Vendor Advisory

https://security.gentoo.org/glsa/201705-08

https://nvd.nist.gov/vuln/detail/CVE-2015-3417

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3417

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3417

EUVD