Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1479-1
HistoryJun 18, 2012 - 12:00 a.m.

FFmpeg vulnerabilities

2012-06-1800:00:00
ubuntu.com
40

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.032

Percentile

91.4%

JSON

Releases

  • Ubuntu 10.04

Packages

  • ffmpeg - multimedia player, server and encoder

Details

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3952)

It was discovered that FFmpeg incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)

It was discovered that FFmpeg incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0852)

It was discovered that FFmpeg incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0853)

It was discovered that FFmpeg incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0858)

It was discovered that FFmpeg incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0859)

Fabian Yamaguchi discovered that FFmpeg incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchlibavformat52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchffmpeg-dbg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavcodec-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavcodec52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavdevice-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavdevice52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavfilter-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavfilter0< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavformat-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Rows per page:
1-10 of 161

Related

nessus 10
openvas 15
ubuntu 1
gentoo 2
osv 2
debian 3
securityvulns 3
ubuntucve 12
prion 12
debiancve 12
cvelist 12
cve 12
nvd 12
freebsd 1
nessus
nessus
Ubuntu 10.04 LTS : ffmpeg vulnerabilities (USN-1479-1)
2012-06-19 00:00:00
GLSA-201210-06 : Libav: Multiple vulnerabilities
2012-10-22 00:00:00
Ubuntu 11.04 / 11.10 / 12.04 LTS : libav vulnerabilities (USN-1478-1)
2012-06-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1479-1)
2012-06-19 00:00:00
Ubuntu Update for ffmpeg USN-1479-1
2012-06-19 00:00:00
Gentoo Security Advisory GLSA 201210-06 (libav)
2012-10-22 00:00:00
ubuntu
ubuntu
Libav vulnerabilities
2012-06-18 00:00:00
gentoo
gentoo
Libav: Multiple vulnerabilities
2012-10-20 00:00:00
FFmpeg: Multiple vulnerabilities
2013-10-25 00:00:00
osv
osv
ffmpeg - several
2012-06-14 00:00:00
ffmpeg - several
2012-05-13 00:00:00
debian
debian
[SECURITY] [DSA 2494-1] ffmpeg security update
2012-06-14 20:24:18
[SECURITY] [DSA-2471-1] ffmpeg security update
2012-05-13 20:37:22
[SECURITY] [DSA 2624-1] ffmpeg security update
2013-02-16 18:18:20
securityvulns
securityvulns
[SECURITY] [DSA 2494-1] ffmpeg security update
2012-06-17 00:00:00
[SECURITY] [DSA-2471-1] ffmpeg security update
2012-05-21 00:00:00
ffmpeg library multiple security vulnerabilities
2012-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2011-3936
2012-05-13 00:00:00
CVE-2011-3929
2012-05-13 00:00:00
CVE-2011-3947
2012-05-13 00:00:00
prion
prion
Out-of-bounds
2012-08-20 18:55:00
Null pointer dereference
2012-08-20 18:55:00
Buffer overflow
2012-08-20 18:55:00
debiancve
debiancve
CVE-2011-3936
2012-08-20 18:55:01
CVE-2011-3952
2012-08-20 18:55:02
CVE-2011-3929
2012-08-20 18:55:01
cvelist
cvelist
CVE-2011-3929
2012-08-20 18:00:00
CVE-2011-3936
2012-08-20 18:00:00
CVE-2011-3952
2012-08-20 18:00:00
cve
cve
CVE-2011-3929
2012-08-20 18:55:01
CVE-2011-3936
2012-08-20 18:55:01
CVE-2011-3952
2012-08-20 18:55:02
nvd
nvd
CVE-2011-3929
2012-08-20 18:55:01
CVE-2011-3936
2012-08-20 18:55:01
CVE-2011-3947
2012-08-20 18:55:02
freebsd
freebsd
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
2013-08-20 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.032

Percentile

91.4%

JSON
Related for USN-1479-1
nessus10openvas15ubuntu1gentoo2osv2debian3securityvulns3ubuntucve12prion12debiancve12cvelist12cve12nvd12freebsd1