Lucene search

[email protected]CVE-2015-3417

HistoryApr 24, 2015 - 5:59 p.m.

CVE-2015-3417

2015-04-2417:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-3417

ffmpeg

vulnerability

denial of service

h.264

mp4

nvd

security advisory

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle2.3.5
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	2.3.5
debian:debian_linux	debian debian linux	eq	8.0

References

seclists.org/fulldisclosure/2015/Apr/31

www.debian.org/security/2015/dsa-3288

www.securityfocus.com/bid/74385

www.securitytracker.com/id/1032198

git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4

github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

security.gentoo.org/glsa/201705-08

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2015-3417

prion1 freebsd2 debiancve1 nessus4 veracode1 ubuntucve1 cvelist1 debian1 openvas4 securityvulns2 osv1 gentoo1 mageia2