FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- use-after-free

Affected packages
11.0 <= libav < 11.4
libav < 10.7
gstreamer1-libav < 1.5.0
handbrake < 1.2.0
2.2.0,1 <= ffmpeg < 2.2.12,1
2.1.0,1 <= ffmpeg < 2.1.7,1
ffmpeg < 2.0.7,1
ffmpeg25 < 2.5.2
ffmpeg24 < 2.4.5
ffmpeg23 < 2.3.6
ffmpeg1 < 1.2.11
mythtv <= 0.27.5,1
mythtv-frontend <= 0.27.5,1

Details

VuXML ID da434a78-e342-4d9a-87e2-7497e5f117ba
Discovery 2014-12-19
Entry 2015-09-01
Modified 2018-03-25

NVD reports:

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

[source]

References

CVE Name CVE-2015-3417
URL https://ffmpeg.org/security.html
URL https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
URL https://git.libav.org/?p=libav.git;a=commitdiff;h=3b69f245dbe6e2016659a45c4bfe284f6c5ac57e
URL https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e8714f6f93d1a32f4e4655209960afcf4c185214

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.