Executive Summary
| Summary | |
|---|---|
| Title | New vlc packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1004 | First vendor Publication | 2006-03-16 |
| Vendor | Debian | Last vendor Modification | 2006-03-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player links statically against libavcodec. The old stable distribution (woody) isn't affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 0.8.1.svn20050314-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.8.4.debian-2. We recommend that you upgrade your vlc package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1004 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-06 (xine-lib ffmpeg) File : nvt/glsa_200601_06.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200602-01 (gst-plugins-ffmpeg) File : nvt/glsa_200602_01.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-03 (MPlayer) File : nvt/glsa_200603_03.nasl |
| 2008-09-04 | Name : FreeBSD Ports: ffmpeg File : nvt/freebsd_ffmpeg.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1004-1 (vlc) File : nvt/deb_1004_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1005-1 (xine-lib) File : nvt/deb_1005_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 992-1 (ffmpeg) File : nvt/deb_992_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-207-04 xine-lib File : nvt/esoft_slk_ssa_2006_207_04.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 21458 | FFmpeg libavcodec avcodec_default_get_buffer Function Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-176.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-175.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-174.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-173.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1004.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1005.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-992.nasl - Type : ACT_GATHER_INFO |
| 2006-07-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-207-04.nasl - Type : ACT_GATHER_INFO |
| 2006-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-03.nasl - Type : ACT_GATHER_INFO |
| 2006-02-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200602-01.nasl - Type : ACT_GATHER_INFO |
| 2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-230-2.nasl - Type : ACT_GATHER_INFO |
| 2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-230-1.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-232.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-231.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-230.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-229.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-228.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200601-06.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:33 |
|
