CVE-2017-15186

Опубликовано: 24 окт. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

Ссылки

http://www.openwall.com/lists/oss-security/2017/10/20/4
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/101518
Third Party Advisory
VDB Entry
https://www.debian.org/security/2017/dsa-4049
http://www.openwall.com/lists/oss-security/2017/10/20/4
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/101518
Third Party Advisory
VDB Entry
https://www.debian.org/security/2017/dsa-4049

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия до 3.3.4 (включая)

EPSS

Процентиль: 67%

0.00552

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415

Связанные уязвимости

CVE-2017-15186

CVSS3: 6.5

ubuntu

больше 8 лет назад

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

CVE-2017-15186

CVSS3: 6.5

debian

больше 8 лет назад

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote at ...

GHSA-7fhm-w7hc-j7ph

CVSS3: 6.5

github

больше 3 лет назад

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

EPSS

Процентиль: 67%

0.00552

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415