Vulnerabilities > CVE-2010-4705 - Numeric Errors vulnerability in Ffmpeg 0.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-12.NASL description The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70647 published 2013-10-27 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70647 title GLSA-201310-12 : FFmpeg: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2165.NASL description Several vulnerabilities have been discovered in FFmpeg coders, which are used by MPlayer and other applications. - CVE-2010-3429 Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset dereference vulnerability in the libavcodec, in particular in the FLIC file format parser. A specific FLIC file may exploit this vulnerability and execute arbitrary code. Mplayer is also affected by this problem, as well as other software that use this library. - CVE-2010-4704 Greg Maxwell discovered an integer overflow the Vorbis decoder in FFmpeg. A specific Ogg file may exploit this vulnerability and execute arbitrary code. - CVE-2010-4705 A potential integer overflow has been discovered in the Vorbis decoder in FFmpeg. This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert noticed that there was remaining vulnerabilities, which may cause a denial of service and potentially execution of arbitrary code. last seen 2020-03-17 modified 2011-02-20 plugin id 52028 published 2011-02-20 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52028 title Debian DSA-2165-1 : ffmpeg-debian - buffer overflow
References
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e
- http://secunia.com/advisories/43323
- http://www.debian.org/security/2011/dsa-2165
- http://www.securityfocus.com/bid/46294
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e
- http://www.securityfocus.com/bid/46294
- http://www.debian.org/security/2011/dsa-2165
- http://secunia.com/advisories/43323