Vulnerability CVE-2017-15186: Information

Description

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-15186

Published: Oct. 24, 2017

Modified: Nov. 29, 2017

Error type identifier: CWE-415

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
ffmpeg	sisyphus	3.3.5-alt1	6.1.1-alt3	ALT-PU-2017-2526-1	192418	Fixed
ffmpeg	p10	3.3.5-alt1	4.4.4-alt1	ALT-PU-2017-2526-1	192418	Fixed
ffmpeg	p9	3.3.5-alt1	4.3.6-alt1	ALT-PU-2017-2526-1	192418	Fixed
ffmpeg	c10f1	3.3.5-alt1	4.4.4-alt1	ALT-PU-2017-2526-1	192418	Fixed
ffmpeg	c9f2	3.3.5-alt1	4.3.6-alt1	ALT-PU-2017-2526-1	192418	Fixed
ffmpeg	p11	3.3.5-alt1	6.1.1-alt3	ALT-PU-2017-2526-1	192418	Fixed

Hyperlink	Resource
101518	Third Party Advisory VDB Entry
[oss-security] 20171020 [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder	Mailing List Patch Third Party Advisory
DSA-4049

Affected configurations:
1. Configuration 1
  cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
  End including
  3.3.4

Version: v24.5.3