Executive Summary

Informations
NameMDVSA-2011:059First vendor Publication2011-04-01
VendorMandrivaLast vendor Modification2011-04-01
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been identified and fixed in ffmpeg:

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)

FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)

The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)

And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory.

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:059

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors
CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application15
Application1
Os1
Os1
Os3

OpenVAS Exploits

DateDescription
2011-07-22Name : Mandriva Update for blender MDVSA-2011:112 (blender)
File : nvt/gb_mandriva_MDVSA_2011_112.nasl
2011-07-22Name : Mandriva Update for blender MDVSA-2011:114 (blender)
File : nvt/gb_mandriva_MDVSA_2011_114.nasl
2011-05-17Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer)
File : nvt/gb_mandriva_MDVSA_2011_088.nasl
2011-04-06Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_060.nasl
2011-04-06Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_061.nasl
2010-04-29Name : Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1
File : nvt/gb_ubuntu_USN_931_1.nasl
2010-02-25Name : Debian Security Advisory DSA 2000-1 (ffmpeg-debian)
File : nvt/deb_2000_1.nasl
2010-02-17Name : FFmpeg multiple vulnerabilities (Linux)
File : nvt/gb_ffmpeg_mult_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
74020FFmpeg on Mandriva Multiple Unspecified Issues
62327FFmpeg mov.c Out-of-bounds Memory Pointer Underflow
58510FFmpeg AVI Demuxer av_rescale_rnd Function Divide-by-zero DoS
58507FFmpeg Multiple File MOV Container Handling Overflow
58506FFmpeg vorbis_dec.c Validation Check Underflow

Snort® IPS/IDS

DateDescription
2014-01-10FFmpeg OGV file format memory corruption attempt
RuleID : 16353 - Revision : 9 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

DateDescription
2013-10-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO
2011-07-19Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO
2011-07-19Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO
2011-05-17Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO
2011-05-17Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-089.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-062.nasl - Type : ACT_GATHER_INFO
2010-04-20Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-931-1.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2000.nasl - Type : ACT_GATHER_INFO