CVE-2010-4704

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
References
Link Resource
http://ffmpeg.mplayerhq.hu/
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.debian.org/security/2011/dsa-2306
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/46294
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/issue2322 Exploit
http://ffmpeg.mplayerhq.hu/
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.debian.org/security/2011/dsa-2306
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/46294
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/issue2322 Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*

History

21 Nov 2024, 01:21

Type Values Removed Values Added
References () http://ffmpeg.mplayerhq.hu/ - () http://ffmpeg.mplayerhq.hu/ -
References () http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078 - () http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078 -
References () http://secunia.com/advisories/43323 - () http://secunia.com/advisories/43323 -
References () http://www.debian.org/security/2011/dsa-2165 - () http://www.debian.org/security/2011/dsa-2165 -
References () http://www.debian.org/security/2011/dsa-2306 - () http://www.debian.org/security/2011/dsa-2306 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 -
References () http://www.securityfocus.com/bid/46294 - () http://www.securityfocus.com/bid/46294 -
References () http://www.ubuntu.com/usn/usn-1104-1/ - () http://www.ubuntu.com/usn/usn-1104-1/ -
References () http://www.vupen.com/english/advisories/2011/1241 - () http://www.vupen.com/english/advisories/2011/1241 -
References () https://roundup.ffmpeg.org/issue2322 - Exploit () https://roundup.ffmpeg.org/issue2322 - Exploit

Information

Published : 2011-01-22 22:00

Updated : 2024-11-21 01:21


NVD link : CVE-2010-4704

Mitre link : CVE-2010-4704

CVE.ORG link : CVE-2010-4704


JSON object : View

Products Affected

ffmpeg

  • ffmpeg
CWE
CWE-20

Improper Input Validation