what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-114

Posted Jul 19, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-114 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723

SHA-256 | 2edb4f909d4679c9270182246df61ab65e6bfeb80e7547c02673cf6c81e96391

Download | Favorite | View

Related Files

No related files