ID CVE-2011-3949
Summary The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
References
Vulnerable Configurations
  • FFmpeg 0.5.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.5
  • FFmpeg 0.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.3
  • FFmpeg 0.3.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.1
  • FFmpeg 0.3.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.2
  • FFmpeg 0.3.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.3
  • FFmpeg 0.3.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.4
  • FFmpeg 0.4.0
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.0
  • FFmpeg 0.4.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.2
  • FFmpeg 0.4.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.3
  • FFmpeg 0.4.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.4
  • FFmpeg 0.4.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.5
  • FFmpeg 0.4.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.6
  • FFmpeg 0.4.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.7
  • FFmpeg 0.4.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.8
  • FFmpeg 0.4.9 pre1
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1
  • FFmpeg 0.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.5
  • FFmpeg 0.5.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.1
  • FFmpeg 0.5.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.2
  • FFmpeg 0.5.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.3
  • FFmpeg 0.5.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4
  • FFmpeg 0.5.4.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5
  • FFmpeg 0.5.4.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6
  • FFmpeg 0.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.6
  • FFmpeg 0.6.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.1
  • FFmpeg 0.6.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.2
  • FFmpeg 0.6.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.3
  • FFmpeg 0.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.7
  • FFmpeg 0.7.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.1
  • FFmpeg 0.7.11
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.11
  • FFmpeg 0.7.12
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.12
  • FFmpeg 0.7.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.2
  • FFmpeg 0.7.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.3
  • FFmpeg 0.7.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.4
  • FFmpeg 0.7.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.5
  • FFmpeg 0.7.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.6
  • FFmpeg 0.7.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.7
  • FFmpeg 0.7.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.8
  • FFmpeg 0.7.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.9
  • FFmpeg 0.8.0
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.0
  • FFmpeg 0.8.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.1
  • FFmpeg 0.8.10
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.10
  • FFmpeg 0.8.11
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.11
  • FFmpeg 0.8.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.2
  • FFmpeg 0.8.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5
  • FFmpeg 0.8.5.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3
  • FFmpeg 0.8.5.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4
  • FFmpeg 0.8.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.6
  • FFmpeg 0.8.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.7
  • FFmpeg 0.8.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.8
  • FFmpeg FFmpeg 0.9.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.9.1
  • FFmpeg FFmpeg 0.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.9
CVSS
Base: 6.8 (as of 10-12-2013 - 12:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201310-12.NASL
description The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time.
last seen 2019-02-21
modified 2018-12-18
plugin id 70647
published 2013-10-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=70647
title GLSA-201310-12 : FFmpeg: Multiple vulnerabilities
refmap via4
confirm
Last major update 10-12-2013 - 12:11
Published 09-12-2013 - 11:36
Back to Top