FFmpeg up to 3.3.3 SDP File rtpdec_h264.c sdp_parse_fmtp_config_h264 Parameter memory corruption

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in FFmpeg up to 3.3.3 (Multimedia Processing Software). This affects the function sdp_parse_fmtp_config_h264 of the file libavformat/rtpdec_h264.c of the component SDP File Handler. Upgrading to version 3.3.4 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082018801/14/2021VulD...cvss2_nvd_basescore6.8nist.gov01/14/2021accepted90
1082018701/14/2021VulD...person_nameBingchangsecurityfocus.com01/14/2021accepted70
714264311/20/2019VulD...securityfocus_classBoundary Condition Errorsecurityfocus.com11/20/2019accepted100
714264211/20/2019VulD...securityfocus_date1506470400 (09/27/2017)securityfocus.com11/20/2019accepted100
714263411/20/2019VulD...date1507593600 (10/10/2017)11/20/2019accepted100
714263111/20/2019VulD...confirm_urlhttps://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326dgithub.com11/20/2019accepted100
714259111/20/2019VulD...discoverydate150353280011/20/2019accepted100
714266809/28/2017VulD...cvss3_nvd_basescore8.8nist.gov09/28/2017accepted90
714266709/28/2017VulD...exposure_days1309/28/2017accepted90
714266609/28/2017VulD...0day_days3409/28/2017accepted90
714266509/28/2017VulD...reaction_days1309/28/2017accepted90
714266409/28/2017VulD...cvss3_vuldb_rcU09/28/2017accepted90
714266309/28/2017VulD...cvss3_vuldb_rlO09/28/2017accepted90
714266209/28/2017VulD...cvss3_vuldb_eX09/28/2017accepted90
714266109/28/2017VulD...cvss2_vuldb_rcUC09/28/2017accepted90
714266009/28/2017VulD...cvss2_vuldb_rlOF09/28/2017accepted90
714265909/28/2017VulD...cvss2_vuldb_eND09/28/2017accepted90
714265809/28/2017VulD...seealso102891 102892 106023 106024 106025 106186 106187 109163 110184 112831 113935 121963 12208509/28/2017accepted100
714265709/28/2017VulD...qualys_titleDebian Security Update for libav (DLA 1630-1)qualys.com09/28/2017accepted100
714265609/28/2017VulD...qualys_id176709qualys.com09/28/2017accepted100

Do you need the next level of professionalism?

Upgrade your account now!