accept no compromises
Showing 1 - 12 of 12 RSS Feed

CVE-2010-3429

Status Candidate

Overview

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

Related Files

Gentoo Linux Security Advisory 201310-13
Posted Oct 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-13 - Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. Versions less than 1.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6718, CVE-2008-4610, CVE-2010-2062, CVE-2010-3429, CVE-2011-3625
MD5 | f67778839b2515915d6a88c6585830f3
Gentoo Linux Security Advisory 201310-12
Posted Oct 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-12 - Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2010-4704, CVE-2010-4705, CVE-2011-1931, CVE-2011-3362, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3934, CVE-2011-3935, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944, CVE-2011-3945
MD5 | 33c8f58588b7d42839d0c0db313bb2df
Mandriva Linux Security Advisory 2011-114
Posted Jul 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-114 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
MD5 | 11781717ba26baa96445fb242f81e108
Mandriva Linux Security Advisory 2011-112
Posted Jul 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-112 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-0723
MD5 | 5ef84bf7d97b6bfc0465e19f371066db
Mandriva Linux Security Advisory 2011-089
Posted May 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-089 - FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4636, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
MD5 | 8067b59c9ab2df987026945dd4283ee4
Mandriva Linux Security Advisory 2011-088
Posted May 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-088 - Multiple vulnerabilities have been identified and fixed in mplayer. These range from memory disclosure to code execution issues.

tags | advisory, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704
MD5 | 8b74d05b5fda8be6ba9b00f0ce989e91
Ubuntu Security Notice USN-1104-1
Posted Apr 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1104-1 - Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. It was discovered that FFmpeg incorrectly handled certain malformed ogg files. It was discovered that FFmpeg incorrectly handled certain malformed WebM files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723
MD5 | c31a9de5695cbffe5a513feaeebacdcc
Mandriva Linux Security Advisory 2011-062
Posted Apr 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-062 - FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4636, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
MD5 | ba830f6dc8a8955b0f4a704135c8287c
Mandriva Linux Security Advisory 2011-061
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-061 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Fix memory corruption in WMV parsing. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted.ogg file, related to the vorbis_floor0_decode function. Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebM file, related to buffers for Fix heap corruption crashes. Fix invalid reads in VC-1 decoding. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723
MD5 | 2f094e286762afe93bfaedf95287e34c
Mandriva Linux Security Advisory 2011-060
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-060 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted.ogg file, related to the vorbis_floor0_decode function. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704
MD5 | dfa7a0d99fd9a30b7b891b03c883152b
Debian Security Advisory 2165-1
Posted Feb 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2165-1 - Several vulnerabilities have been discovered in FFmpeg coders, which are used by by MPlayer and other applications.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-3429, CVE-2010-4704, CVE-2010-4705
MD5 | 4f37f4bc1af3aba914cef7e561e93cf0
Open Source CERT Security Advisory 2010.4
Posted Sep 29, 2010
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The libavcodec library, an open source video encoding/decoding library part of the FFmpeg project, suffers from an arbitrary offset dereference vulnerability. The vulnerability affects the flic file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability. Versions 0.6 and below are affected.

tags | advisory, arbitrary
advisories | CVE-2010-3429
MD5 | c04676de70ace56cf68c31687cda89b4
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close