Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-734-1
HistoryMar 16, 2009 - 12:00 a.m.

FFmpeg vulnerabilities

2009-03-1600:00:00
ubuntu.com
36

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.495 Medium

EPSS

Percentile

97.5%

JSON

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10

Packages

  • ffmpeg -
  • ffmpeg-debian -

Details

It was discovered that FFmpeg did not correctly handle certain malformed
Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg
Media file, an attacker could cause the application using FFmpeg to crash,
leading to a denial of service. (CVE-2008-4610)

It was discovered that FFmpeg did not correctly handle certain parameters
when creating DTS streams. If a user were tricked into processing certain
commands, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866)

It was discovered that FFmpeg did not correctly handle certain malformed
DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a
crafted DCA file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2008-4867)

It was discovered that FFmpeg did not correctly handle certain malformed 4X
movie (4xm) files. If a user were tricked into opening a crafted 4xm file,
an attacker could execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-0385)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchlibavformat52<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchffmpeg<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchffmpeg<Β dbg-3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavcodec-dev<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavcodec51<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavdevice-dev<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavdevice52<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavformat-dev<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavutil-dev<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Ubuntu8.10noarchlibavutil49<Β 3:0.svn20080206-12ubuntu3.1UNKNOWN
Rows per page:
1-10 of 361

Related

openvas 39
nessus 17
gentoo 2
osv 2
debian 2
ubuntucve 6
prion 5
cvelist 5
cve 5
debiancve 5
nvd 5
freebsd 2
checkpoint_advisories 1
slackware 1
seebug 1
fedora 2
ibm 1
openvas
openvas
Ubuntu: Security Advisory (USN-734-1)
2009-03-19 00:00:00
Ubuntu USN-734-1 (ffmpeg-debian)
2009-03-20 00:00:00
Mandrake Security Advisory MDVSA-2009:015 (ffmpeg)
2009-01-20 00:00:00
nessus
nessus
Ubuntu 7.10 / 8.04 LTS / 8.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-734-1)
2009-04-23 00:00:00
Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:015)
2009-04-23 00:00:00
Mandriva Linux Security Advisory : mplayer (MDVSA-2009:014)
2009-04-23 00:00:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2009-03-19 00:00:00
MPlayer: Multiple vulnerabilities
2013-10-25 00:00:00
osv
osv
mplayer - arbitrary code execution
2009-04-29 00:00:00
ffmpeg ffmpeg-debian - arbitrary code execution
2009-04-29 00:00:00
debian
debian
[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution
2009-04-29 07:01:08
[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution
2009-04-29 07:00:35
ubuntucve
ubuntucve
CVE-2008-4867
2008-10-31 00:00:00
CVE-2008-4866
2008-10-31 00:00:00
CVE-2009-0385
2009-02-02 00:00:00
prion
prion
Buffer overflow
2008-11-01 00:00:00
Buffer overflow
2008-11-01 00:00:00
Integer overflow
2009-02-02 19:30:00
cvelist
cvelist
CVE-2008-4867
2008-10-31 22:00:00
CVE-2008-4866
2008-10-31 22:00:00
CVE-2009-0385
2009-02-02 19:00:00
cve
cve
CVE-2008-4867
2008-11-01 00:00:01
CVE-2008-4866
2008-11-01 00:00:01
CVE-2009-0385
2009-02-02 19:30:00
debiancve
debiancve
CVE-2008-4867
2008-11-01 00:00:01
CVE-2008-4866
2008-11-01 00:00:01
CVE-2009-0385
2009-02-02 19:30:00
nvd
nvd
CVE-2008-4867
2008-11-01 00:00:01
CVE-2008-4866
2008-11-01 00:00:01
CVE-2009-0385
2009-02-02 19:30:00
freebsd
freebsd
ffmpeg -- 4xm processing memory corruption vulnerability
2009-01-28 00:00:00
libxine -- multiple vulnerabilities
2009-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
FFmpeg 4xm Processing Memory Corruption (CVE-2009-0385)
2009-11-03 00:00:00
slackware
slackware
xine-lib
2009-04-07 23:31:21
seebug
seebug
FFmpeg 4xmζ–‡δ»Άθ§£ζžε†…ε­˜η ΄εζΌζ΄ž
2009-02-19 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: xine-lib-1.1.16.3-1.fc10
2009-04-09 16:08:28
[SECURITY] Fedora 9 Update: xine-lib-1.1.16.3-1.fc9
2009-04-09 16:07:39
ibm
ibm
Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server
2020-09-23 05:03:22

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.495 Medium

EPSS

Percentile

97.5%

JSON
Related for USN-734-1
openvas39nessus17gentoo2osv2debian2ubuntucve6prion5cvelist5cve5debiancve5nvd5freebsd2checkpoint_advisories1slackware1seebug1fedora2ibm1