CVE-2015-3417 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Affected Software

Name	Vendor	Start Version	End Version
Ffmpeg	Ffmpeg	*	2.3.5 (including)
Ffmpeg	Ubuntu	lucid	*
Ffmpeg	Ubuntu	upstream	*
Libav	Ubuntu	esm-infra-legacy/trusty	*
Libav	Ubuntu	trusty	*
Libav	Ubuntu	trusty/esm	*
Libav	Ubuntu	upstream	*
Libav	Ubuntu	utopic	*
Libav	Ubuntu	vivid	*

References

http://seclists.org/fulldisclosure/2015/Apr/31
http://www.debian.org/security/2015/dsa-3288
http://www.securityfocus.com/bid/74385
http://www.securitytracker.com/id/1032198
https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
https://security.gentoo.org/glsa/201705-08
http://seclists.org/fulldisclosure/2015/Apr/31
http://www.debian.org/security/2015/dsa-3288
http://www.securityfocus.com/bid/74385
http://www.securitytracker.com/id/1032198
https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
https://security.gentoo.org/glsa/201705-08

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3417
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html