Description
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201705-08
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032198
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3288
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74385
Patch, Vendor Advisory x_refsource_confirm
https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
Third Party Advisory, VDB Entry mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Apr/31
Scores
EPSS
0.0102
EPSS Percentile
77.3%
Details
Status
published
Products (2)
debian/debian_linux
8.0
ffmpeg/ffmpeg
< 2.3.5
Published
Apr 24, 2015
Tracked Since
Feb 18, 2026