FreeBSD Local Security Checks : FreeBSD Ports: ffmpeg

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63628

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: ffmpeg

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: ffmpeg

CVE-2009-0385
Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote
attackers to execute arbitrary code via a malformed 4X movie file with
a large current_track value, which triggers a NULL pointer
dereference.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0385
BugTraq ID: 33502
http://www.securityfocus.com/bid/33502
Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/500514/100/0/threaded
Debian Security Information: DSA-1781 (Google Search)
http://www.debian.org/security/2009/dsa-1781
Debian Security Information: DSA-1782 (Google Search)
http://www.debian.org/security/2009/dsa-1782
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:297
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://osvdb.org/51643
http://secunia.com/advisories/33711
http://secunia.com/advisories/34296
http://secunia.com/advisories/34385
http://secunia.com/advisories/34712
http://secunia.com/advisories/34845
http://secunia.com/advisories/34905
http://www.ubuntu.com/usn/USN-734-1
http://www.vupen.com/english/advisories/2009/0277
XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48330

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63628
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: ffmpeg
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: ffmpeg CVE-2009-0385 Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0385 BugTraq ID: 33502 http://www.securityfocus.com/bid/33502 Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search) http://www.securityfocus.com/archive/1/500514/100/0/threaded Debian Security Information: DSA-1781 (Google Search) http://www.debian.org/security/2009/dsa-1781 Debian Security Information: DSA-1782 (Google Search) http://www.debian.org/security/2009/dsa-1782 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 http://www.trapkit.de/advisories/TKADV2009-004.txt http://osvdb.org/51643 http://secunia.com/advisories/33711 http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34712 http://secunia.com/advisories/34845 http://secunia.com/advisories/34905 http://www.ubuntu.com/usn/USN-734-1 http://www.vupen.com/english/advisories/2009/0277 XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330) https://exchange.xforce.ibmcloud.com/vulnerabilities/48330
Copyright	Copyright (C) 2009 E-Soft Inc.