CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.4%
Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3929, CVE-2011-3936)
Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3940)
Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-3947)
Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3951)
Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3952)
It was discovered that FFmpeg incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)
It was discovered that FFmpeg incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0852)
It was discovered that FFmpeg incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0853)
It was discovered that FFmpeg incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0858)
It was discovered that FFmpeg incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0859)
Fabian Yamaguchi discovered that FFmpeg incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 10.04 | noarch | libavformat52 | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | ffmpeg | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | ffmpeg-dbg | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavcodec-dev | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavcodec52 | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavdevice-dev | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavdevice52 | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavfilter-dev | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavfilter0 | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | libavformat-dev | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2011-3929
ubuntu.com/security/CVE-2011-3936
ubuntu.com/security/CVE-2011-3940
ubuntu.com/security/CVE-2011-3947
ubuntu.com/security/CVE-2011-3951
ubuntu.com/security/CVE-2011-3952
ubuntu.com/security/CVE-2012-0851
ubuntu.com/security/CVE-2012-0852
ubuntu.com/security/CVE-2012-0853
ubuntu.com/security/CVE-2012-0858
ubuntu.com/security/CVE-2012-0859
ubuntu.com/security/CVE-2012-0947