6.8

CVE-2015-3417

EPSS 1.02%
Veröffentlicht 24.04.2015 17:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version <= 2.3.5

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.02%	0.762

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://seclists.org/fulldisclosure/2015/Apr/31

Third Party Advisory

VDB Entry

http://www.debian.org/security/2015/dsa-3288

Third Party Advisory

http://www.securityfocus.com/bid/74385

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1032198

Third Party Advisory

VDB Entry

https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4

https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

Patch

Vendor Advisory

https://security.gentoo.org/glsa/201705-08

https://nvd.nist.gov/vuln/detail/CVE-2015-3417

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3417

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3417

EUVD