Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:088 | First vendor Publication | 2011-05-16 |
Vendor | Mandriva | Last vendor Modification | 2011-05-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities have been identified and fixed in mplayer: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632) vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633) Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634) FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635) FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636) The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639) Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. (CVE-2009-4640) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
56 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
11 % | CWE-20 | Improper Input Validation |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-09-21 | Name : Debian Security Advisory DSA 2306-1 (ffmpeg) File : nvt/deb_2306_1.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:112 (blender) File : nvt/gb_mandriva_MDVSA_2011_112.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:114 (blender) File : nvt/gb_mandriva_MDVSA_2011_114.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_088.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:089 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_089.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_060.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_061.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:062 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_062.nasl |
2011-04-06 | Name : Ubuntu Update for ffmpeg vulnerabilities USN-1104-1 File : nvt/gb_ubuntu_USN_1104_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2165-1 (ffmpeg-debian) File : nvt/deb_2165_1.nasl |
2010-04-29 | Name : Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1 File : nvt/gb_ubuntu_USN_931_1.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 2000-1 (ffmpeg-debian) File : nvt/deb_2000_1.nasl |
2010-02-17 | Name : FFmpeg multiple vulnerabilities (Linux) File : nvt/gb_ffmpeg_mult_vuln_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74020 | FFmpeg on Mandriva Multiple Unspecified Issues |
70650 | FFmpeg Vorbis Decoder libavcodec/vorbis_dec.c vorbis_floor0_decode Function O... FFmpeg contains a flaw that may allow a denial of service. The issue is triggered when an error in 'libavcodec/vorbis_dec.c' in the Vorbis decoder occurs, allowing a context-dependent attacker to use a crafted .ogg file to cause a denial of service. |
68269 | FFmpeg libavcodec/flicvideo.c Multiple Function Array Indexing Memory Corruption |
62328 | FFmpeg vorbis_dec.c Array Index Error Out-of-bounds Read Remote DoS |
62327 | FFmpeg mov.c Out-of-bounds Memory Pointer Underflow |
58510 | FFmpeg AVI Demuxer av_rescale_rnd Function Divide-by-zero DoS |
58508 | FFmpeg Unspecified Crafted File Infinite Loop DoS |
58507 | FFmpeg Multiple File MOV Container Handling Overflow |
58506 | FFmpeg vorbis_dec.c Validation Check Underflow |
58505 | FFmpeg vorbis_dec.c Assignment Operator Remote Overflow DoS ffmpeg contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted MJPG encoded AVI file which causes a dereference of invalid memory, and will result in loss of availability for the service |
58504 | FFmpeg oggparsevorbis.c Out-of-bounds Read Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | FFmpeg OGV file format memory corruption attempt RuleID : 16353 - Revision : 14 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO |
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-13.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2306.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO |
2011-05-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO |
2011-05-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-089.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1104-1.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-062.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2165.nasl - Type : ACT_GATHER_INFO |
2010-04-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-931-1.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2000.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:15 |
|