FFmpeg ff_h264_free_tables function after the release of the heavy interest with vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201561774
Type myhack58
Reporter 佚名
Modified 2015-04-28T00:00:00


Affected system: FFmpeg FFmpeg < 2.3.6 Description: -------------------------------------------------------------------------------- CVE(CAN) ID: CVE-2 0 1 5-3 4 1 7

FFmpeg is a free you can perform audio and video multiple formats of video, transcoding, streaming functionality of the software.

FFmpeg 2.3.6 before version, libavcodec/h264. c within the function ff_h264_free_tables exist after the release of the heavy interest with the vulnerability, the remote attacker through in the MP4 file within the structure of H. 2 6 4 data, exploitation of this vulnerability may cause a denial of service.

<source: FFmpeg >

Recommendations: -------------------------------------------------------------------------------- Manufacturers patch:

FFmpeg \ ------ The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: