CVE-2007-3329 - Remote Code Execution vulnerability in Xvid 1.1.2
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200708-02.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200708-02 (Xvid: Array indexing vulnerabilities). Trixter Jack discovered an array indexing error in the get_intra_block() function in the file src/bitstream/mbcoding.c. The get_inter_block_h263() and get_inter_block_mpeg() functions in the same file were also reported as vulnerable. Impact: An attacker could exploit these vulnerabilities to execute arbitrary code by tricking a user or automated system into processing a malicious video file with an application that makes use of the Xvid library. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25867 |
published | 2007-08-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25867 |
title | GLSA-200708-02 : Xvid: Array indexing vulnerabilities |
References
- http://bugs.gentoo.org/show_bug.cgi?id=183145
- http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c
- http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55
- http://osvdb.org/37728
- http://secunia.com/advisories/25711
- http://secunia.com/advisories/26353
- http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml
- http://www.securityfocus.com/bid/24561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34949