Lucene search

K
ubuntuUbuntuUSN-1479-1
HistoryJun 18, 2012 - 12:00 a.m.

FFmpeg vulnerabilities

2012-06-1800:00:00
ubuntu.com
33

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.044

Percentile

92.5%

Releases

  • Ubuntu 10.04

Packages

  • ffmpeg - multimedia player, server and encoder

Details

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2011-3952)

It was discovered that FFmpeg incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)

It was discovered that FFmpeg incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0852)

It was discovered that FFmpeg incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0853)

It was discovered that FFmpeg incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0858)

It was discovered that FFmpeg incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0859)

Fabian Yamaguchi discovered that FFmpeg incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchlibavformat52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchffmpeg-dbg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavcodec-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavcodec52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavdevice-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavdevice52< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavfilter-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavfilter0< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Ubuntu10.04noarchlibavformat-dev< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
Rows per page:
1-10 of 161

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.044

Percentile

92.5%