Reuse Vulnerability after the FFmpeg ff_h1__free_tables function is released

Reuse Vulnerability after the FFmpeg ff_h1__free_tables function is released
Reuse Vulnerability after the FFmpeg ff_h1__free_tables function is released

Release date:
Updated on:

Affected Systems:

FFmpeg <2.3.6

Description:

CVE (CAN) ID: CVE-2015-3417

FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video.

In versions earlier than FFmpeg 2.3.6, The ff_h1__free_tables function in libavcodec/h264.c has the vulnerability of re-exploitation after release. Remote attackers construct H.264 data in MP4 files. This vulnerability can cause DOS.

<* Source: FFmpeg
*>

Suggestion:

Vendor patch:

FFmpeg
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214

Compile FFmpeg in Linux to download and compile the source file

Linux compiling and upgrading FFmpeg

Install FFMPEG on CentOS 5.6

Install FFmpeg in Ubuntu

Compile ffmpeg in Ubuntu 12.04

Install FFmpeg 2.2.2 In PPA in Ubuntu 14.04

FFmpeg details: click here
FFmpeg: click here

This article permanently updates the link address: