FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- use-after-free

Affected packages
11.0 <= libav < 11.4
libav < 10.7
gstreamer1-libav < 1.5.0
0 <= handbrake
2.2.0,1 <= ffmpeg < 2.2.12,1
2.1.0,1 <= ffmpeg < 2.1.7,1
ffmpeg < 2.0.7,1
ffmpeg25 < 2.5.2
ffmpeg24 < 2.4.5
ffmpeg23 < 2.3.6
ffmpeg1 < 1.2.11
0 <= mythtv
0 <= mythtv-frontend

Details

VuXML ID: da434a78-e342-4d9a-87e2-7497e5f117ba
Discovery: 2014-12-19
Entry: 2015-09-01

NVD reports:

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

References

CVE Name: CVE-2015-3417
URL: https://ffmpeg.org/security.html
URL: https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
URL: https://git.libav.org/?p=libav.git;a=commitdiff;h=3b69f245dbe6e2016659a45c4bfe284f6c5ac57e
URL: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e8714f6f93d1a32f4e4655209960afcf4c185214