certfr_avis - certa-2011-avi-507

CERTA-2011-AVI-507

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été découverte dans FFmpeg.

Description

Plusieurs vulnérabilités sont présentes dans FFmpeg.

La première (CVE-2010-3908) permet à une personne malintentionnée d'effectuer un déni de service, voire d'exécuter du code arbitraire, lors de l'ouverture d'un fichier WMV spécialement conçu.

La deuxième (CVE-2010-4704) permet de provoquer un déni de service lors de l'ouverture d'un fichier Ogg contrefait.

La troisième (CVE-2011-0480) concerne différents dépassements de tampon dans le décodeur Vorbis, pouvant avoir lieu lors de l'ouverture d'un fichier WebM spécialement formé. Il est alors possible de rendre l'application inopérante (déni de service). Ce problème pourrait avoir d'autres conséquences non déterminées.

La dernière (CVE-2011-0722) permet à un utilisateur malintentionné de provoquer un déni de service ou une exécution de code arbitraire lors de la lecture d'un fichier RealMedia contrefait.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Debian Squeeze

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Buleltin de sécurité Debian DSA-2306-1 du 11 septembre 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2306 du 11 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eDebian Squeeze\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans FFmpeg.\n\nLa premi\u00e8re (CVE-2010-3908) permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service, voire d\u0027ex\u00e9cuter du code arbitraire,\nlors de l\u0027ouverture d\u0027un fichier WMV sp\u00e9cialement con\u00e7u.\n\nLa deuxi\u00e8me (CVE-2010-4704) permet de provoquer un d\u00e9ni de service lors\nde l\u0027ouverture d\u0027un fichier Ogg contrefait.\n\nLa troisi\u00e8me (CVE-2011-0480) concerne diff\u00e9rents d\u00e9passements de tampon\ndans le d\u00e9codeur Vorbis, pouvant avoir lieu lors de l\u0027ouverture d\u0027un\nfichier WebM sp\u00e9cialement form\u00e9. Il est alors possible de rendre\nl\u0027application inop\u00e9rante (d\u00e9ni de service). Ce probl\u00e8me pourrait avoir\nd\u0027autres cons\u00e9quences non d\u00e9termin\u00e9es.\n\nLa derni\u00e8re (CVE-2011-0722) permet \u00e0 un utilisateur malintentionn\u00e9 de\nprovoquer un d\u00e9ni de service ou une ex\u00e9cution de code arbitraire lors de\nla lecture d\u0027un fichier RealMedia contrefait.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
    },
    {
      "name": "CVE-2011-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
    },
    {
      "name": "CVE-2011-0722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0722"
    },
    {
      "name": "CVE-2010-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3908"
    }
  ],
  "initial_release_date": "2011-09-13T00:00:00",
  "last_revision_date": "2011-09-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2306 du 11 septembre 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    }
  ],
  "reference": "CERTA-2011-AVI-507",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans \u00a0\u003cspan\nclass=\"textit\"\u003eFFmpeg\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Buleltin de s\u00e9curit\u00e9 Debian DSA-2306-1 du 11 septembre 2011",
      "url": null
    }
  ]
}

CVE-2010-3908 (GCVE-0-2010-3908)

Vulnerability from cvelistv5

Published

2011-05-20 22:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

References

URL

Tags

	http://www.debian.org/security/2011/dsa-2306	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061	vendor-advisory, x_refsource_MANDRIVA
	http://www.ubuntu.com/usn/usn-1104-1/	vendor-advisory, x_refsource_UBUNTU
	http://ffmpeg.mplayerhq.hu/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "name": "MDVSA-2011:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "name": "USN-1104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.mplayerhq.hu/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-26T09:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "DSA-2306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2306"
        },
        {
          "name": "MDVSA-2011:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
        },
        {
          "name": "USN-1104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1104-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.mplayerhq.hu/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2010-3908",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.mplayerhq.hu/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2010-3908",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2010-10-12T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0722 (GCVE-0-2011-0722)

Vulnerability from cvelistv5

Published

2011-05-20 22:00

Modified

2024-08-06 22:05

Severity ?

CWE

Summary

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

References

URL

Tags

	http://www.debian.org/security/2011/dsa-2306	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061	vendor-advisory, x_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:062	vendor-advisory, x_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:114	vendor-advisory, x_refsource_MANDRIVA
	http://www.ubuntu.com/usn/usn-1104-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:089	vendor-advisory, x_refsource_MANDRIVA
	http://ffmpeg.mplayerhq.hu/	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1241	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/47149	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:53.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "name": "MDVSA-2011:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "name": "MDVSA-2011:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
          },
          {
            "name": "MDVSA-2011:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
          },
          {
            "name": "USN-1104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "name": "MDVSA-2011:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.mplayerhq.hu/"
          },
          {
            "name": "ADV-2011-1241",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1241"
          },
          {
            "name": "47149",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47149"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-26T09:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "DSA-2306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2306"
        },
        {
          "name": "MDVSA-2011:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
        },
        {
          "name": "MDVSA-2011:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
        },
        {
          "name": "MDVSA-2011:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
        },
        {
          "name": "USN-1104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1104-1/"
        },
        {
          "name": "MDVSA-2011:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.mplayerhq.hu/"
        },
        {
          "name": "ADV-2011-1241",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1241"
        },
        {
          "name": "47149",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47149"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2011-0722",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "MDVSA-2011:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
            },
            {
              "name": "MDVSA-2011:114",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "MDVSA-2011:089",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.mplayerhq.hu/"
            },
            {
              "name": "ADV-2011-1241",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1241"
            },
            {
              "name": "47149",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47149"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2011-0722",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-01T00:00:00",
    "dateUpdated": "2024-08-06T22:05:53.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4704 (GCVE-0-2010-4704)

Vulnerability from cvelistv5

Published

2011-01-22 21:00

Modified

2024-08-07 03:55

Severity ?

CWE

Summary

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=MDVSA-2011:088	vendor-advisory, x_refsource_MANDRIVA
	http://www.debian.org/security/2011/dsa-2306	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061	vendor-advisory, x_refsource_MANDRIVA
	https://roundup.ffmpeg.org/issue2322	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:062	vendor-advisory, x_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:112	vendor-advisory, x_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:114	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/43323	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-1104-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:089	vendor-advisory, x_refsource_MANDRIVA
	http://ffmpeg.mplayerhq.hu/	x_refsource_CONFIRM
	http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2165	vendor-advisory, x_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2011/1241	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/46294	vdb-entry, x_refsource_BID
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:060	vendor-advisory, x_refsource_MANDRIVA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:34.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:088",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
          },
          {
            "name": "DSA-2306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "name": "MDVSA-2011:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://roundup.ffmpeg.org/issue2322"
          },
          {
            "name": "MDVSA-2011:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
          },
          {
            "name": "MDVSA-2011:112",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
          },
          {
            "name": "MDVSA-2011:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
          },
          {
            "name": "43323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43323"
          },
          {
            "name": "USN-1104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "name": "MDVSA-2011:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.mplayerhq.hu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
          },
          {
            "name": "DSA-2165",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2165"
          },
          {
            "name": "ADV-2011-1241",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1241"
          },
          {
            "name": "46294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46294"
          },
          {
            "name": "MDVSA-2011:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-23T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2011:088",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
        },
        {
          "name": "DSA-2306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2306"
        },
        {
          "name": "MDVSA-2011:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://roundup.ffmpeg.org/issue2322"
        },
        {
          "name": "MDVSA-2011:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
        },
        {
          "name": "MDVSA-2011:112",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
        },
        {
          "name": "MDVSA-2011:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
        },
        {
          "name": "43323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43323"
        },
        {
          "name": "USN-1104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1104-1/"
        },
        {
          "name": "MDVSA-2011:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.mplayerhq.hu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
        },
        {
          "name": "DSA-2165",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2165"
        },
        {
          "name": "ADV-2011-1241",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1241"
        },
        {
          "name": "46294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46294"
        },
        {
          "name": "MDVSA-2011:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2011:088",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
            },
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "https://roundup.ffmpeg.org/issue2322",
              "refsource": "CONFIRM",
              "url": "https://roundup.ffmpeg.org/issue2322"
            },
            {
              "name": "MDVSA-2011:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
            },
            {
              "name": "MDVSA-2011:112",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
            },
            {
              "name": "MDVSA-2011:114",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
            },
            {
              "name": "43323",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43323"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "MDVSA-2011:089",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.mplayerhq.hu/"
            },
            {
              "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
              "refsource": "CONFIRM",
              "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
            },
            {
              "name": "DSA-2165",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2165"
            },
            {
              "name": "ADV-2011-1241",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1241"
            },
            {
              "name": "46294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46294"
            },
            {
              "name": "MDVSA-2011:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4704",
    "datePublished": "2011-01-22T21:00:00",
    "dateReserved": "2011-01-22T00:00:00",
    "dateUpdated": "2024-08-07T03:55:34.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0480 (GCVE-0-2011-0480)

Vulnerability from cvelistv5

Published

2011-01-14 16:00

Modified

2024-08-06 21:51

Severity ?

CWE

Summary

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

References

URL

Tags

	http://roundup.ffmpeg.org/issue2548	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2306	vendor-advisory, x_refsource_DEBIAN
	http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html	x_refsource_CONFIRM
	http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703	mailing-list, x_refsource_MLIST
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550	x_refsource_CONFIRM
	http://codereview.chromium.org/6069005	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/45788	vdb-entry, x_refsource_BID
	http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061	vendor-advisory, x_refsource_MANDRIVA
	http://src.chromium.org/viewvc/chrome?view=rev&revision=70200	x_refsource_CONFIRM
	http://codereview.chromium.org/5964011	x_refsource_CONFIRM
	http://www.srware.net/forum/viewtopic.php?f=18&t=2054	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-1104-1/	vendor-advisory, x_refsource_UBUNTU
	http://osvdb.org/70463	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/64671	vdb-entry, x_refsource_XF
	http://ffmpeg.mplayerhq.hu/	x_refsource_CONFIRM
	http://code.google.com/p/chromium/issues/detail?id=68115	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380	vdb-entry, signature, x_refsource_OVAL
	http://roundup.ffmpeg.org/issue2550	x_refsource_CONFIRM
	http://secunia.com/advisories/42951	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://roundup.ffmpeg.org/issue2548"
          },
          {
            "name": "DSA-2306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
          },
          {
            "name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://codereview.chromium.org/6069005"
          },
          {
            "name": "45788",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
          },
          {
            "name": "MDVSA-2011:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://codereview.chromium.org/5964011"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
          },
          {
            "name": "USN-1104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "name": "70463",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70463"
          },
          {
            "name": "chrome-vorbis-bo(64671)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.mplayerhq.hu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/chromium/issues/detail?id=68115"
          },
          {
            "name": "oval:org.mitre.oval:def:14380",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://roundup.ffmpeg.org/issue2550"
          },
          {
            "name": "42951",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42951"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://roundup.ffmpeg.org/issue2548"
        },
        {
          "name": "DSA-2306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
        },
        {
          "name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://codereview.chromium.org/6069005"
        },
        {
          "name": "45788",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
        },
        {
          "name": "MDVSA-2011:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://codereview.chromium.org/5964011"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
        },
        {
          "name": "USN-1104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1104-1/"
        },
        {
          "name": "70463",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70463"
        },
        {
          "name": "chrome-vorbis-bo(64671)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.mplayerhq.hu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.google.com/p/chromium/issues/detail?id=68115"
        },
        {
          "name": "oval:org.mitre.oval:def:14380",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://roundup.ffmpeg.org/issue2550"
        },
        {
          "name": "42951",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42951"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://roundup.ffmpeg.org/issue2548",
              "refsource": "CONFIRM",
              "url": "http://roundup.ffmpeg.org/issue2548"
            },
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
            },
            {
              "name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
              "refsource": "MLIST",
              "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
            },
            {
              "name": "http://codereview.chromium.org/6069005",
              "refsource": "CONFIRM",
              "url": "http://codereview.chromium.org/6069005"
            },
            {
              "name": "45788",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45788"
            },
            {
              "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3",
              "refsource": "CONFIRM",
              "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200",
              "refsource": "CONFIRM",
              "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
            },
            {
              "name": "http://codereview.chromium.org/5964011",
              "refsource": "CONFIRM",
              "url": "http://codereview.chromium.org/5964011"
            },
            {
              "name": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054",
              "refsource": "CONFIRM",
              "url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "70463",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70463"
            },
            {
              "name": "chrome-vorbis-bo(64671)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.mplayerhq.hu/"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=68115",
              "refsource": "CONFIRM",
              "url": "http://code.google.com/p/chromium/issues/detail?id=68115"
            },
            {
              "name": "oval:org.mitre.oval:def:14380",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
            },
            {
              "name": "http://roundup.ffmpeg.org/issue2550",
              "refsource": "CONFIRM",
              "url": "http://roundup.ffmpeg.org/issue2550"
            },
            {
              "name": "42951",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42951"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0480",
    "datePublished": "2011-01-14T16:00:00",
    "dateReserved": "2011-01-14T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-507

Vulnerability from certfr_avis

Description

Solution

CVE-2010-3908 (GCVE-0-2010-3908)

Vulnerability from cvelistv5

CVE-2011-0722 (GCVE-0-2011-0722)

Vulnerability from cvelistv5

CVE-2010-4704 (GCVE-0-2010-4704)

Vulnerability from cvelistv5

CVE-2011-0480 (GCVE-0-2011-0480)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature