Lucene search
Ubuntu.comUB:CVE-2008-3230HistoryJul 18, 2008 - 12:00 a.m.
CVE-2008-3230
2008-07-1800:00:00
ubuntu.com
ubuntu.com
13
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.002
Percentile
57.2%
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of
service (application crash) via a crafted GIF file, possibly related to
gstreamer, as demonstrated by lol-giftopnm.gif.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498764>
- <https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530>
- <https://bugs.launchpad.net/ubuntu/+source/ffmpeg-debian/+bug/253767>
Notes
| Author | Note |
|---|---|
| mdeslaur | Reproducer is here: http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif?format=raw This is just a dos, and upstream fixed this by removing the gif demuxer which would cause a regression for a stable release, so I opt to not fix this… |
Related
nvd
nvd
CVE-2008-3230
2008-07-18 16:41:00
cve
cve
CVE-2008-3230
2008-07-18 16:41:00
debiancve
debiancve
CVE-2008-3230
2008-07-18 16:41:00
prion
prion
Spoofing
2008-07-18 16:41:00
cvelist
cvelist
CVE-2008-3230
2008-07-18 16:00:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:297-1 (ffmpeg)
2009-12-10 00:00:00
Mandriva Security Advisory MDVSA-2009:297 (ffmpeg)
2009-11-17 00:00:00
Mandriva Security Advisory MDVSA-2009:297 (ffmpeg)
2009-11-17 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:297-1)
2009-11-16 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.002
Percentile
57.2%
Related for UB:CVE-2008-3230