Date published: 2015-02-27T20:59:00.073-05:00
Date last modified: 2016-11-29T21:59:08.390-05:00
CVSS Score: 6.8
Principal attack vector: NETWORK
Reference URL: http://seclists.org/oss-sec/2015/q1/38
Summary: The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free.