Executive Summary
Summary | |
---|---|
Title | FFmpeg vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1104-1 | First vendor Publication | 2011-04-04 |
Vendor | Ubuntu | Last vendor Modification | 2011-04-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
Ubuntu 9.10:
Ubuntu 10.04 LTS:
Ubuntu 10.10:

In general, a standard system update will make all the necessary changes.

Details follow:

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. If a user were tricked into opening a crafted wmv file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3908)

It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-4704)

It was discovered that FFmpeg incorrectly handled certain malformed WebM files. If a user were tricked into opening a crafted WebM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0480)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. If a user were tricked into opening a crafted RealMedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2011-0722)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files. If a user were tricked into opening a crafted VC1 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0723)
Original Source
Url : http://www.ubuntu.com/usn/USN-1104-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-399 | Resource Management Errors |
17 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
17 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14380 | |||
Oval ID: | oval:org.mitre.oval:def:14380 | ||
Title: | Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. | ||
Description: | Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0480 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:15128 | |||
Oval ID: | oval:org.mitre.oval:def:15128 | ||
Title: | DSA-2306-1 ffmpeg -- several | ||
Description: | Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3908 FFmpeg before 0.5.4, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed WMV file. CVE-2010-4704 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service via a crafted .ogg file, related to the vorbis_floor0_decode function. CVE-2011-0480 Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebM file, related to buffers for the channel floor and the channel residue. CVE-2011-0722 FFmpeg allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed RealMedia file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2306-1 CVE-2010-3908 CVE-2010-4704 CVE-2011-0480 CVE-2011-0722 CVE-2011-0723 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | ffmpeg |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-21 | Name : Debian Security Advisory DSA 2306-1 (ffmpeg) File : nvt/deb_2306_1.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:112 (blender) File : nvt/gb_mandriva_MDVSA_2011_112.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:114 (blender) File : nvt/gb_mandriva_MDVSA_2011_114.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_088.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:089 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_089.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_060.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_061.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:062 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_062.nasl |
2011-04-06 | Name : Ubuntu Update for ffmpeg vulnerabilities USN-1104-1 File : nvt/gb_ubuntu_USN_1104_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2165-1 (ffmpeg-debian) File : nvt/deb_2165_1.nasl |
2011-01-27 | Name : Google Chrome multiple vulnerabilities - Jan11 (Linux) File : nvt/gb_google_chrome_mult_vuln_jan11_lin.nasl |
2011-01-27 | Name : Google Chrome multiple vulnerabilities - Jan11 (Windows) File : nvt/gb_google_chrome_mult_vuln_jan11_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72579 | FFmpeg Malformed WMV File Handling Memory Corruption A memory corruption flaw exists in ffmpeg. The function fails to sanitize user-supplied file resulting in memory corruption. With a specially crafted file, an attacker can execute arbitrary code. |
72578 | FFmpeg RealMedia File Handling Memory Corruption DoS |
72574 | FFmpeg Malformed VC-1 File Handling DoS |
70650 | FFmpeg Vorbis Decoder libavcodec/vorbis_dec.c vorbis_floor0_decode Function O... FFmpeg contains a flaw that may allow a denial of service. The issue is triggered when an error in 'libavcodec/vorbis_dec.c' in the Vorbis decoder occurs, allowing a context-dependent attacker to use a crafted .ogg file to cause a denial of service. |
70463 | FFmpeg Vorbis Decoder vorbis_dec.c WebM File Handling Multiple Overflow DoS |
68269 | FFmpeg libavcodec/flicvideo.c Multiple Function Array Indexing Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Google Chrome Uninitialized bug_report Pointer Code Execution RuleID : 19217 - Revision : 14 - Type : BROWSER-CHROME |
2014-01-10 | Google Chrome Uninitialized bug_report Pointer Code Execution RuleID : 19216 - Revision : 14 - Type : BROWSER-CHROME |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO |
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-13.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2306.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO |
2011-05-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO |
2011-05-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-089.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1104-1.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-062.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2165.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_8_0_552_237.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:28 |