Executive Summary

Informations
NameMDVSA-2011:062First vendor Publication2011-04-01
VendorMandrivaLast vendor Modification2011-04-01
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been identified and fixed in ffmpeg:

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)

Fix heap corruption crashes (CVE-2011-0722)

Fix invalid reads in VC-1 decoding (CVE-2011-0723)

And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory.

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:062

CWE : Common Weakness Enumeration

idName
CWE-94Failure to Control Generation of Code ('Code Injection')
CWE-399Resource Management Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application21
Application1
Application1
Application93
Os1
Os1
Os3

OpenVAS Exploits

DateDescription
2011-09-21Name : Debian Security Advisory DSA 2306-1 (ffmpeg)
File : nvt/deb_2306_1.nasl
2011-07-22Name : Mandriva Update for blender MDVSA-2011:112 (blender)
File : nvt/gb_mandriva_MDVSA_2011_112.nasl
2011-07-22Name : Mandriva Update for blender MDVSA-2011:114 (blender)
File : nvt/gb_mandriva_MDVSA_2011_114.nasl
2011-05-17Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer)
File : nvt/gb_mandriva_MDVSA_2011_088.nasl
2011-05-17Name : Mandriva Update for mplayer MDVSA-2011:089 (mplayer)
File : nvt/gb_mandriva_MDVSA_2011_089.nasl
2011-04-06Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_060.nasl
2011-04-06Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_061.nasl
2011-04-06Name : Mandriva Update for ffmpeg MDVSA-2011:062 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_062.nasl
2011-04-06Name : Ubuntu Update for ffmpeg vulnerabilities USN-1104-1
File : nvt/gb_ubuntu_USN_1104_1.nasl
2011-03-07Name : Debian Security Advisory DSA 2165-1 (ffmpeg-debian)
File : nvt/deb_2165_1.nasl
2010-02-25Name : Debian Security Advisory DSA 2000-1 (ffmpeg-debian)
File : nvt/deb_2000_1.nasl
2010-02-17Name : FFmpeg multiple vulnerabilities (Linux)
File : nvt/gb_ffmpeg_mult_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
74020FFmpeg on Mandriva Multiple Unspecified Issues
72578FFmpeg RealMedia File Handling Memory Corruption DoS
72574FFmpeg Malformed VC-1 File Handling DoS
70650FFmpeg Vorbis Decoder libavcodec/vorbis_dec.c vorbis_floor0_decode Function O...
68269FFmpeg libavcodec/flicvideo.c Multiple Function Array Indexing Memory Corruption
58508FFmpeg Unspecified Crafted File Infinite Loop DoS

Snort® IPS/IDS

DateDescription
2014-01-10FFmpeg OGV file format memory corruption attempt
RuleID : 16353 - Revision : 9 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

DateDescription
2013-10-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO
2013-10-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-13.nasl - Type : ACT_GATHER_INFO
2011-09-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2306.nasl - Type : ACT_GATHER_INFO
2011-07-19Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO
2011-07-19Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO
2011-05-17Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO
2011-05-17Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-089.nasl - Type : ACT_GATHER_INFO
2011-04-05Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1104-1.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-062.nasl - Type : ACT_GATHER_INFO
2011-02-20Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2165.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2000.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:42:09
  • Multiple Updates