Executive Summary
Summary | |
---|---|
Title | FFmpeg vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-931-1 | First vendor Publication | 2010-04-19 |
Vendor | Ubuntu | Last vendor Modification | 2010-04-19 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: Ubuntu 9.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. |
Original Source
Url : http://www.ubuntu.com/usn/USN-931-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
71 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
14 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:112 (blender) File : nvt/gb_mandriva_MDVSA_2011_112.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:114 (blender) File : nvt/gb_mandriva_MDVSA_2011_114.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_088.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_060.nasl |
2011-04-06 | Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2011_061.nasl |
2010-04-30 | Name : Ubuntu Update for ffmpeg, ffmpeg-debian regression USN-931-2 File : nvt/gb_ubuntu_USN_931_2.nasl |
2010-04-29 | Name : Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1 File : nvt/gb_ubuntu_USN_931_1.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 2000-1 (ffmpeg-debian) File : nvt/deb_2000_1.nasl |
2010-02-17 | Name : FFmpeg multiple vulnerabilities (Linux) File : nvt/gb_ffmpeg_mult_vuln_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62328 | FFmpeg vorbis_dec.c Array Index Error Out-of-bounds Read Remote DoS |
62327 | FFmpeg mov.c Out-of-bounds Memory Pointer Underflow |
58510 | FFmpeg AVI Demuxer av_rescale_rnd Function Divide-by-zero DoS |
58509 | FFmpeg Multiple Overflows |
58507 | FFmpeg Multiple File MOV Container Handling Overflow |
58506 | FFmpeg vorbis_dec.c Validation Check Underflow |
58505 | FFmpeg vorbis_dec.c Assignment Operator Remote Overflow DoS ffmpeg contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted MJPG encoded AVI file which causes a dereference of invalid memory, and will result in loss of availability for the service |
58504 | FFmpeg oggparsevorbis.c Out-of-bounds Read Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | FFmpeg OGV file format memory corruption attempt RuleID : 16353 - Revision : 14 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO |
2011-05-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-931-2.nasl - Type : ACT_GATHER_INFO |
2010-04-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-931-1.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2000.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:47 |
|