Vulnerabilities > CVE-2009-4631 - Numeric Errors vulnerability in Ffmpeg 0.5
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-12.NASL description The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70647 published 2013-10-27 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70647 title GLSA-201310-12 : FFmpeg: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2000.NASL description Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer : Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream. The implementations of the following affected codecs and container formats have been updated : - the Vorbis audio codec - the Ogg container implementation - the FF Video 1 codec - the MPEG audio codec - the H264 video codec - the MOV container implementation - the Oggedc container implementation last seen 2020-06-01 modified 2020-06-02 plugin id 44864 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44864 title Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 36465 CVE ID: CVE-2009-4631,CVE-2009-4632,CVE-2009-4633,CVE-2009-4634,CVE-2009-4635,CVE-2009-4636,CVE-2009-4637,CVE-2009-4638,CVE-2009-4639,CVE-2009-4640 FFmpeg是一套对音频和视频进行解码录制转换的完整方案。 ffmpeg解析各种媒体文件时存在多个空指针引用、内存越界或死循环等漏洞,可能导致拒绝服务或执行任意代码。 1) 解析AVI、.ogv和.wmv文件时的空指针引用和0除数错误可能导致崩溃。 2) 处理.ogv文件和mjpg编码AVI文件时的错误可能导致引用无效的内存。 3) 处理iv32编码的AVI文件和.mp4文件时的堆内存破坏可能导致执行任意代码。 4) 处理.ogv文件时的错误可能触发死循环。 5) 处理h264编码的AVI文件时的错误可能触发浮点异常。 6) 解析MOV原子可能触发空指针引用。 7) AAC编码解码器中的错误可能触发越界读取。 8) mov_read_dref()函数在解析.mp4文件可能导致挂起。 9) 处理.ogv文件时的内存破坏可能导致执行任意代码。 FFmpeg 0.5 厂商补丁: FFmpeg ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/?view=log |
| id | SSV:19159 |
| last seen | 2017-11-19 |
| modified | 2010-02-20 |
| published | 2010-02-20 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-19159 |
| title | FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞 |
References
- http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
- http://secunia.com/advisories/36805
- http://secunia.com/advisories/38643
- http://www.debian.org/security/2010/dsa-2000
- http://www.securityfocus.com/bid/36465
- https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
- https://roundup.ffmpeg.org/roundup/ffmpeg/issue1483