Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702471
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in FFmpeg, a multimedia;player, server and encoder. Multiple input validations in the decoders/;demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska,;Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of;arbitrary code.;;These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael;Coldwind, and Michael Niedermayer.
Description:Summary:
Several vulnerabilities have been discovered in FFmpeg, a multimedia
player, server and encoder. Multiple input validations in the decoders/
demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska,
Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of
arbitrary code.

These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael
Coldwind, and Michael Niedermayer.

Affected Software/OS:
ffmpeg on Debian Linux

Solution:
For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.8-1.

For the unstable distribution (sid), this problem has been fixed in
version 6:0.8.2-1 of libav.

We recommend that you upgrade your ffmpeg packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267
http://secunia.com/advisories/46933
http://secunia.com/advisories/49089
Common Vulnerability Exposure (CVE) ID: CVE-2011-3895
Debian Security Information: DSA-2471 (Google Search)
http://www.debian.org/security/2012/dsa-2471
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551
Common Vulnerability Exposure (CVE) ID: CVE-2011-3936
http://www.ubuntu.com/usn/USN-1479-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0947
BugTraq ID: 53389
http://www.securityfocus.com/bid/53389
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
http://www.openwall.com/lists/oss-security/2012/05/03/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-3892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14484
Common Vulnerability Exposure (CVE) ID: CVE-2011-3929
Common Vulnerability Exposure (CVE) ID: CVE-2011-3940
Common Vulnerability Exposure (CVE) ID: CVE-2011-3947
Common Vulnerability Exposure (CVE) ID: CVE-2012-0853
http://www.openwall.com/lists/oss-security/2012/02/14/4
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.