cvelistv5 - cve-2015-3417

CVE-2015-3417 (GCVE-0-2015-3417)

Vulnerability from cvelistv5 – Published: 2015-04-24 17:00 – Updated: 2024-08-06 05:47

Summary

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=C…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-08	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id/1032198	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3288	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/74385	vdb-entryx_refsource_BID
	https://github.com/FFmpeg/FFmpeg/commit/e8714f6f9…	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2015/Apr/31	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
          },
          {
            "name": "GLSA-201705-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201705-08"
          },
          {
            "name": "1032198",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032198"
          },
          {
            "name": "DSA-3288",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3288"
          },
          {
            "name": "74385",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74385"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
          },
          {
            "name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
        },
        {
          "name": "GLSA-201705-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201705-08"
        },
        {
          "name": "1032198",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032198"
        },
        {
          "name": "DSA-3288",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3288"
        },
        {
          "name": "74385",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74385"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
        },
        {
          "name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4",
              "refsource": "CONFIRM",
              "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4"
            },
            {
              "name": "GLSA-201705-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201705-08"
            },
            {
              "name": "1032198",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032198"
            },
            {
              "name": "DSA-3288",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3288"
            },
            {
              "name": "74385",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74385"
            },
            {
              "name": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214",
              "refsource": "CONFIRM",
              "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
            },
            {
              "name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3417",
    "datePublished": "2015-04-24T17:00:00",
    "dateReserved": "2015-04-24T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.5\", \"matchCriteriaId\": \"E2A7B6DB-E964-4C0B-BC45-2BA08A4497C2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de uso despu\\u00e9s de liberaci\\u00f3n en la funci\\u00f3n ff_h264_free_tables en libavcodec/h264.c en FFmpeg anterior a 2.3.6 permite a atacantes remotos causar una denegaci\\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\\u00e9s de datos H.264 manipulados en un fichero MP4, tal y como fue demostrado por un elemento HTML VIDEO que hace referencia a datos H.264.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
      "id": "CVE-2015-3417",
      "lastModified": "2024-11-21T02:29:23.327",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-04-24T17:59:03.393",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2015/Apr/31\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3288\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74385\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201705-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Apr/31\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74385\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201705-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3417\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-04-24T17:59:03.393\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n ff_h264_free_tables en libavcodec/h264.c en FFmpeg anterior a 2.3.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de datos H.264 manipulados en un fichero MP4, tal y como fue demostrado por un elemento HTML VIDEO que hace referencia a datos H.264.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.5\",\"matchCriteriaId\":\"E2A7B6DB-E964-4C0B-BC45-2BA08A4497C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2015/Apr/31\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3288\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74385\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201705-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Apr/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74385\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201705-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/416.html\\\"\u003eCWE-416: Use After Free\u003c/a\u003e\"}}"
  }
}

OPENSUSE-SU-2024:10926-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libav-tools-12.3-1.17 on GA media

Notes

Title of the patch

libav-tools-12.3-1.17 on GA media

Description of the patch

These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10926

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libav-tools-12.3-1.17 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10926",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10926-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-3946 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-3946/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-6618 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-6618/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-0851 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-0851/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-0852 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-0852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-0868 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-0868/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-7010 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-7010/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8544 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8544/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9604 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9604/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3395 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3395/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3417 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3417/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5479 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5479/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3062 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3062/"
      }
    ],
    "title": "libav-tools-12.3-1.17 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10926-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libav-tools-12.3-1.17.aarch64",
                "product": {
                  "name": "libav-tools-12.3-1.17.aarch64",
                  "product_id": "libav-tools-12.3-1.17.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libav-tools-12.3-1.17.ppc64le",
                "product": {
                  "name": "libav-tools-12.3-1.17.ppc64le",
                  "product_id": "libav-tools-12.3-1.17.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libav-tools-12.3-1.17.s390x",
                "product": {
                  "name": "libav-tools-12.3-1.17.s390x",
                  "product_id": "libav-tools-12.3-1.17.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libav-tools-12.3-1.17.x86_64",
                "product": {
                  "name": "libav-tools-12.3-1.17.x86_64",
                  "product_id": "libav-tools-12.3-1.17.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libav-tools-12.3-1.17.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64"
        },
        "product_reference": "libav-tools-12.3-1.17.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libav-tools-12.3-1.17.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le"
        },
        "product_reference": "libav-tools-12.3-1.17.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libav-tools-12.3-1.17.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x"
        },
        "product_reference": "libav-tools-12.3-1.17.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libav-tools-12.3-1.17.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        },
        "product_reference": "libav-tools-12.3-1.17.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-3946",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-3946"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-3946",
          "url": "https://www.suse.com/security/cve/CVE-2011-3946"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2011-3946"
    },
    {
      "cve": "CVE-2012-6618",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-6618"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-6618",
          "url": "https://www.suse.com/security/cve/CVE-2012-6618"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2012-6618"
    },
    {
      "cve": "CVE-2013-0851",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-0851"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-0851",
          "url": "https://www.suse.com/security/cve/CVE-2013-0851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2013-0851"
    },
    {
      "cve": "CVE-2013-0852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-0852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-0852",
          "url": "https://www.suse.com/security/cve/CVE-2013-0852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2013-0852"
    },
    {
      "cve": "CVE-2013-0868",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-0868"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) \"len==0 cases.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-0868",
          "url": "https://www.suse.com/security/cve/CVE-2013-0868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189142 for CVE-2013-0868",
          "url": "https://bugzilla.suse.com/1189142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2013-0868"
    },
    {
      "cve": "CVE-2013-7010",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-7010"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-7010",
          "url": "https://www.suse.com/security/cve/CVE-2013-7010"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-7010"
    },
    {
      "cve": "CVE-2014-8544",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8544"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8544",
          "url": "https://www.suse.com/security/cve/CVE-2014-8544"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-8544"
    },
    {
      "cve": "CVE-2014-9604",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9604"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9604",
          "url": "https://www.suse.com/security/cve/CVE-2014-9604"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-9604"
    },
    {
      "cve": "CVE-2015-3395",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3395"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3395",
          "url": "https://www.suse.com/security/cve/CVE-2015-3395"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931216 for CVE-2015-3395",
          "url": "https://bugzilla.suse.com/931216"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3395"
    },
    {
      "cve": "CVE-2015-3417",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3417"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3417",
          "url": "https://www.suse.com/security/cve/CVE-2015-3417"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3417"
    },
    {
      "cve": "CVE-2015-5479",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5479"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5479",
          "url": "https://www.suse.com/security/cve/CVE-2015-5479"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 949760 for CVE-2015-5479",
          "url": "https://bugzilla.suse.com/949760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5479"
    },
    {
      "cve": "CVE-2016-3062",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3062"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
          "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3062",
          "url": "https://www.suse.com/security/cve/CVE-2016-3062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 984487 for CVE-2016-3062",
          "url": "https://bugzilla.suse.com/984487"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
            "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-3062"
    }
  ]
}

GSD-2015-3417

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3417

Aliases

CVE-2015-3417

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3417",
    "description": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
    "id": "GSD-2015-3417",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-3417.html",
      "https://www.debian.org/security/2015/dsa-3288",
      "https://advisories.mageia.org/CVE-2015-3417.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3417"
      ],
      "details": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
      "id": "GSD-2015-3417",
      "modified": "2023-12-13T01:20:07.813072Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3417",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4",
            "refsource": "CONFIRM",
            "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4"
          },
          {
            "name": "GLSA-201705-08",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201705-08"
          },
          {
            "name": "1032198",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032198"
          },
          {
            "name": "DSA-3288",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3288"
          },
          {
            "name": "74385",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74385"
          },
          {
            "name": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214",
            "refsource": "CONFIRM",
            "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
          },
          {
            "name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3417"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
            },
            {
              "name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
              "refsource": "FULLDISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
            },
            {
              "name": "1032198",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032198"
            },
            {
              "name": "DSA-3288",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3288"
            },
            {
              "name": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4"
            },
            {
              "name": "74385",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/74385"
            },
            {
              "name": "GLSA-201705-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201705-08"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-01T01:29Z",
      "publishedDate": "2015-04-24T17:59Z"
    }
  }
}

FKIE_CVE-2015-3417

Vulnerability from fkie_nvd - Published: 2015-04-24 17:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Apr/31	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.debian.org/security/2015/dsa-3288	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74385	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1032198	Third Party Advisory, VDB Entry
cve@mitre.org	https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
cve@mitre.org	https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214	Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201705-08
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Apr/31	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3288	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74385	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032198	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201705-08

Impacted products

	Vendor	Product	Version
	ffmpeg	ffmpeg	*
	debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A7B6DB-E964-4C0B-BC45-2BA08A4497C2",
              "versionEndIncluding": "2.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n ff_h264_free_tables en libavcodec/h264.c en FFmpeg anterior a 2.3.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de datos H.264 manipulados en un fichero MP4, tal y como fue demostrado por un elemento HTML VIDEO que hace referencia a datos H.264."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2015-3417",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-24T17:59:03.393",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3288"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74385"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032198"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201705-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201705-08"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9323-4X78-29MV

Vulnerability from github – Published: 2022-05-17 02:38 – Updated: 2025-04-12 12:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3417"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-24T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
  "id": "GHSA-9323-4x78-29mv",
  "modified": "2025-04-12T12:47:32Z",
  "published": "2022-05-17T02:38:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3417"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214"
    },
    {
      "type": "WEB",
      "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4"
    },
    {
      "type": "WEB",
      "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201705-08"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Apr/31"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3288"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74385"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-02747

Vulnerability from cnvd - Published: 2015-04-28

Title

FFmpeg内存错误引用漏洞

Description

FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。 FFmpeg 2.3.6之前版本的libavcodec/h264.c文件中的‘ff_h264_free_tables’函数存在内存错误引用漏洞。远程攻击者可借助MP4文件中特制的H.264数据利用该漏洞造成拒绝服务。

Severity

中

Patch Name

FFmpeg内存错误引用漏洞的补丁

Patch Description

FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。FFmpeg 2.3.6之前版本的libavcodec/h264.c文件中的‘ff_h264_free_tables’函数存在内存错误引用漏洞。远程攻击者可借助MP4文件中特制的H.264数据利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://ffmpeg.org/olddownload.html

Reference

https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

Impacted products

Name
FFmpeg Ffmpeg <2.3.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3417"
    }
  },
  "description": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFFmpeg 2.3.6\u4e4b\u524d\u7248\u672c\u7684libavcodec/h264.c\u6587\u4ef6\u4e2d\u7684\u2018ff_h264_free_tables\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9MP4\u6587\u4ef6\u4e2d\u7279\u5236\u7684H.264\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "FFmpeg",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://ffmpeg.org/olddownload.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02747",
  "openTime": "2015-04-28",
  "patchDescription": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002FFmpeg 2.3.6\u4e4b\u524d\u7248\u672c\u7684libavcodec/h264.c\u6587\u4ef6\u4e2d\u7684\u2018ff_h264_free_tables\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9MP4\u6587\u4ef6\u4e2d\u7279\u5236\u7684H.264\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FFmpeg\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "FFmpeg Ffmpeg \u003c2.3.6"
  },
  "referenceLink": "https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-27",
  "title": "FFmpeg\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3417 (GCVE-0-2015-3417)

OPENSUSE-SU-2024:10926-1

GSD-2015-3417

FKIE_CVE-2015-3417

GHSA-9323-4X78-29MV

CNVD-2015-02747

Tags

Sightings

Nomenclature