Debian DSA-2165-1 : ffmpeg-debian

NASLDB: Debian DSA-2165-1 : ffmpeg-debian - buffer overflow

General

ID: 52028
Name: Debian DSA-2165-1 : ffmpeg-debian – buffer overflow

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Several vulnerabilities have been discovered in FFmpeg coders, which
are used by MPlayer and other applications.

– CVE-2010-3429
Cesar Bernardini and Felipe Andres Manzano reported an
arbitrary offset dereference vulnerability in the
libavcodec, in particular in the FLIC file format
parser. A specific FLIC file may exploit this
vulnerability and execute arbitrary code. Mplayer is
also affected by this problem, as well as other software
that use this library.

– CVE-2010-4704
Greg Maxwell discovered an integer overflow the Vorbis
decoder in FFmpeg. A specific Ogg file may exploit this
vulnerability and execute arbitrary code.

– CVE-2010-4705
A potential integer overflow has been discovered in the
Vorbis decoder in FFmpeg.

This upload also fixes an incomplete patch from DSA-2000-1. Michael
Gilbert noticed that there was remaining vulnerabilities, which may
cause a denial of service and potentially execution of arbitrary code.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2010-3429
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2011/02/16
Plugin Release: 2011/02/20

Plugin

Version: 1.3
Filename: debian_DSA-2165.nasl
Filesize: 3904 bytes
MD5 Hash: c0039825c93a7e5751c27dfd4d4f8ac1

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG