CVE-2015-3417
Published: 24 April 2015
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
From the Ubuntu Security Team
It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Notes
Author | Note |
---|---|
mdeslaur | doesn't appear to affected libav in precise |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Not vulnerable
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(7:2.6.1-1)
|
|
utopic |
Does not exist
|
|
vivid |
Not vulnerable
(7:2.5.6-0ubuntu0.15.04.1)
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
Patches: upstream: https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214 |
||
libav Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Not vulnerable
(4:0.8.17-0ubuntu0.12.04.1)
|
|
trusty |
Released
(6:9.20-0ubuntu0.14.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(11.4)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: upstream: https://git.libav.org/?p=libav.git;a=commit;h=3b69f245dbe6e2016659a45c4bfe284f6c5ac57e upstream: https://git.libav.org/?p=libav.git;a=commit;h=964fef3f3ced60e67831549df223bc177e1537c9 |