Vulnerabilities > CVE-2011-3895 - Out-of-bounds Write vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201111-05.NASL description The remote host is affected by the vulnerability described in GLSA-201111-05 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could cause a Java applet to run without user confirmation. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56901 published 2011-11-22 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56901 title GLSA-201111-05 : Chromium, V8: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201111-05. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(56901); script_version("1.9"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895", "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898", "CVE-2011-3900"); script_bugtraq_id(50642, 50701); script_xref(name:"GLSA", value:"201111-05"); script_name(english:"GLSA-201111-05 : Chromium, V8: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201111-05 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could cause a Java applet to run without user confirmation. Workaround : There is no known workaround at this time." ); # https://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0f60ac84" ); # https://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5f5edd29" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201111-05" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-15.0.874.121' All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.24'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 15.0.874.121"), vulnerable:make_list("lt 15.0.874.121"))) flag++; if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.5.10.24"), vulnerable:make_list("lt 3.5.10.24"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2471.NASL description Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code. These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer. last seen 2020-03-17 modified 2012-05-15 plugin id 59094 published 2012-05-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59094 title Debian DSA-2471-1 : ffmpeg - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2471. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(59094); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3895", "CVE-2011-3929", "CVE-2011-3936", "CVE-2011-3940", "CVE-2011-3947", "CVE-2012-0853", "CVE-2012-0947"); script_xref(name:"DSA", value:"2471"); script_name(english:"Debian DSA-2471-1 : ffmpeg - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code. These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/ffmpeg" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2471" ); script_set_attribute( attribute:"solution", value: "Upgrade the ffmpeg packages. For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.8-1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"ffmpeg", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"ffmpeg-dbg", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"ffmpeg-doc", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavcodec-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavcodec52", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavdevice-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavdevice52", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavfilter-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavfilter0", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavformat-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavformat52", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavutil-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libavutil49", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libpostproc-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libpostproc51", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libswscale-dev", reference:"4:0.5.8-1")) flag++; if (deb_check(release:"6.0", prefix:"libswscale0", reference:"4:0.5.8-1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-12.NASL description The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70647 published 2013-10-27 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70647 title GLSA-201310-12 : FFmpeg: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL description Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken last seen 2020-06-01 modified 2020-06-02 plugin id 51069 published 2010-12-08 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51069 title FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-075.NASL description Multiple vulnerabilities has been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the last seen 2020-06-01 modified 2020-06-02 plugin id 59096 published 2012-05-15 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59096 title Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:075) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-076.NASL description Multiple vulnerabilities has been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the last seen 2020-06-01 modified 2020-06-02 plugin id 61951 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61951 title Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:076) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4D087B35099011E3A9F4BCAEC565249C.NASL description Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 69412 published 2013-08-21 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69412 title FreeBSD : gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav (4d087b35-0990-11e3-a9f4-bcaec565249c) NASL family Windows NASL id GOOGLE_CHROME_15_0_874_120.NASL description The version of Google Chrome installed on the remote host is earlier than 15.0.874.120. It is, therefore, potentially affected by the following vulnerabilities : - A double-free error exists in the Theora decoder. (CVE-2011-3892) - Out-of-bounds read errors exist in the MVK and Vorbis media handlers. (CVE-2011-3893) - A memory corruption error exists in the VP8 decoding. (CVE-2011-3894) - A heap overflow error exists in the Vorbis decoder. (CVE-2011-3895) - A buffer overflow error exists in shader variable mapping functionality. (CVE-2011-3896) - A use-after-free error exists related to unspecified editing. (CVE-2011-3897) - In JRE7, applets are allowed to run without the proper permissions. (CVE-2011-3898) last seen 2020-06-01 modified 2020-06-02 plugin id 56779 published 2011-11-11 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56779 title Google Chrome < 15.0.874.120 Multiple Vulnerabilities
Oval
accepted | 2014-04-07T04:00:20.719-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:13551 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2011-11-25T18:27:58.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 52 |
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
- http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
- http://secunia.com/advisories/49089
- http://www.debian.org/security/2012/dsa-2471
- http://secunia.com/advisories/46933
- http://code.google.com/p/chromium/issues/detail?id=101458
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551