CVE-2015-3417

high

Description

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

References

Advisories
More

http://www.securitytracker.com/id/1032198

http://www.securityfocus.com/bid/74385

http://www.debian.org/security/2015/dsa-3288

http://seclists.org/fulldisclosure/2015/Apr/31

https://security.gentoo.org/glsa/201705-08

https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4

Details

Source: Mitre, NVD

Published: 2015-04-24

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00796