Main Vulnerability Database SB2017120761

SB2017120761 - Double free error in ffmpeg (Alpine package)

Published: December 7, 2017

Security Bulletin ID SB2017120761

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Double free error (CVE-ID: CVE-2017-15186)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to double free error when processing malicious input. A remote attacker can send a specially crafted AVI file, trick the victim into opening it and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=beb6c402470c5f9bc5bcd17d8b57bfbd52785ec6
https://git.alpinelinux.org/aports/commit/?id=48e351c55b295e4281b7bc1b8a0223bc878c1bf3
https://git.alpinelinux.org/aports/commit/?id=1012b905bec72936b78cbe2de9cff631fc0b695b